Configure HTTPS for Jetty

  • KM01369703
  • 26-Jan-2015
  • 26-Jan-2015

This document has not been formally reviewed for accuracy and is provided "as is" for your convenience.


Getting HP ALM 11.5 to run SSL with a CA’s cert on Windows Before you begin HP ALM 11.5 uses an embedded Jetty server (7.5.4 to be exact). Jetty is a JAVA based web server and reads its certificates out of a Java keystore. Keytool is used to create the keystore and it’s very important to use the one supplied with ALM to create the file or it may be unreadable by the jetty server. Setting up the ALM Servers for SSL Please check for file location according your ALM installation Note: Underscore at the end of a line is used as a continuation indicator (ala VBScript). 1) Setup a variable pointing to Keytool The path to keytool is long and treacherous. Don’t forget the quotes since there are spaces in the path. Set KT="D:\Program Files\HP\HP Application LifeCycle Management _ 11.50\java\jre\bin\keytool.exe" 2) Create Keystore & private key. Creating the keystore also generates a self-signed cert which can be used for initial testing of the server. Later (in step 5) the certificate issued by the CA will overwrite this cert. In this example, the certificate files are stored in C:\certs. cd C:\certs %KT% -genkey –alias server_cert -keyalg RSA –storepass changeit -keysize 2048 _ -keystore server.keystore What is your first and last name? [Unknown]: (the FQDN of the server) What is the name of your organizational unit? [Unknown]: myUnit What is the name of your organization? [Unknown]: myOrg What is the name of your City or Locality? [Unknown]: King of Hill What is the name of your State or Province? [Unknown]: Pennsylvania What is the two-letter country code for this unit? [Unknown]: US Is CN=, OU= myUnit, O= myOrg, L= King of Hill, _ ST=Pennsylvania, C=US correct? [no]: yes Enter key password for (RETURN if same as keystore password): 3) Validate the keystore The keystore was created with a self-signed cert . Let’s check to make sure everything’s ok. This shows the keystore is valid and allows you to check your cert’s expiration date %KT% -list -storepass changeit -keystore server.keystore Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: server_cert Creation date: Mar 11, 2013 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: , OU=Unknown, O=myOrg, L=King of Hill, ST=Pennsylvania, C=US Issuer: , OU=Unknown, O=myOrg, L=King of Hill, ST=Pennsylvania, C=US Serial number: 513deb3e Valid from: Mon Mar 11 10:33:34 EDT 2013 until: Wed Mar 11 10:33:34 EDT 2015 Certificate fingerprints: MD5: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX Signature algorithm name: XXXXX Version: X 4) Creating the CSR Generate a CSR, using the same alias as in step %KT% -certreq –alias server_cert -keyalg RSA -storepass changeit _ -file server_to_ca.csr -keystore server.keystore Send the file server_to_ca.csr to your CA. 5) Installing the certificate(s) From your CA you will get a file back (normally ending in .cer ) that you can then import into the keystore. You should also get back the CA’s intermediate certificate ()s which you will have to import before the server certificate. This is the list of files for the production HP ALM servers at this point in C:\certs (using one root and two intermediate certificates): server_to_ca.csr - CSR SENT TO CA server.keystore - KEYSTORE cert_from_ca.cer - SERVER CERT RETURNED BY THE CA – MUST BE INSTALLED 4th file3.cer.txt - CA INTERMEDIATE CERT – MUST BE INSTALLED 3rd file2.cer.txt - CA INTERMEDIATE CERT – MUST BE INSTALLED 2nd file1.cer.txt - CA ROOT CERT – MUST BE INSTALLED 1st Please remember to use either the same aliases used in


HP QC Ent Global CC Usr SW E-LTU/ Facing issue with the istallation of HP ALM
HP QC Ent Global CC Usr SW E-LTU + version: 12
Operating systems : Windows Server 2012
Issue description: Facing issue with the istallation of HP ALM
Request Type: Technical
Impact, Urgency: Critical
HP QC Ent Global CC Usr SW E-LTU/ Facing issue with the istallation of HP ALM
Given Contract ID is 104401052104
[9330]Case is associated with an override delivery address/contact.


Issue fixed by changing the encrytion level and importing the corrects certificates