This document has not been formally reviewed for accuracy and is provided "as is" for your convenience.
Summary
Getting HP ALM 11.5 to run SSL with a CA’s cert on Windows
Before you begin
HP ALM 11.5 uses an embedded Jetty server (7.5.4 to be exact). Jetty is a JAVA based web server and reads its certificates out of a Java keystore. Keytool is used to create the keystore and it’s very important to use the one supplied with ALM to create the file or it may be unreadable by the jetty server.
Setting up the ALM Servers for SSL
Please check for file location according your ALM installation
Note: Underscore at the end of a line is used as a continuation indicator (ala VBScript).
1) Setup a variable pointing to Keytool
The path to keytool is long and treacherous. Don’t forget the quotes since there are spaces in the path.
Set KT="D:\Program Files\HP\HP Application LifeCycle Management _
11.50\java\jre\bin\keytool.exe"
2) Create Keystore & private key.
Creating the keystore also generates a self-signed cert which can be used for initial testing of the server. Later (in step 5) the certificate issued by the CA will overwrite this cert.
In this example, the certificate files are stored in C:\certs.
cd C:\certs
%KT% -genkey –alias server_cert -keyalg RSA –storepass changeit -keysize 2048 _
-keystore server.keystore
What is your first and last name?
[Unknown]: hpalm.ALMglobal.net (the FQDN of the server)
What is the name of your organizational unit?
[Unknown]: myUnit
What is the name of your organization?
[Unknown]: myOrg
What is the name of your City or Locality?
[Unknown]: King of Hill
What is the name of your State or Province?
[Unknown]: Pennsylvania
What is the two-letter country code for this unit?
[Unknown]: US
Is CN= hpalm.ALMglobal.net, OU= myUnit, O= myOrg, L= King of Hill, _
ST=Pennsylvania, C=US correct?
[no]: yes
Enter key password for
(RETURN if same as keystore password):
3) Validate the keystore
The keystore was created with a self-signed cert .
Let’s check to make sure everything’s ok.
This shows the keystore is valid and allows you to check your cert’s expiration date
%KT% -list -storepass changeit -keystore server.keystore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: server_cert
Creation date: Mar 11, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=hpalm.ALMglobal.net , OU=Unknown, O=myOrg, L=King of Hill, ST=Pennsylvania, C=US
Issuer: CN=hpalm.ALMglobal.net , OU=Unknown, O=myOrg, L=King of Hill, ST=Pennsylvania, C=US
Serial number: 513deb3e
Valid from: Mon Mar 11 10:33:34 EDT 2013 until: Wed Mar 11 10:33:34 EDT 2015
Certificate fingerprints:
MD5: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Signature algorithm name: XXXXX
Version: X
4) Creating the CSR
Generate a CSR, using the same alias as in step
%KT% -certreq –alias server_cert -keyalg RSA -storepass changeit _
-file server_to_ca.csr -keystore server.keystore
Send the file server_to_ca.csr to your CA.
5) Installing the certificate(s)
From your CA you will get a file back (normally ending in .cer ) that you can then import into the keystore. You should also get back the CA’s intermediate certificate ()s which you will have to import before the server certificate.
This is the list of files for the production HP ALM servers at this point in C:\certs (using one root and two intermediate certificates):
server_to_ca.csr - CSR SENT TO CA
server.keystore - KEYSTORE
cert_from_ca.cer - SERVER CERT RETURNED BY THE CA – MUST BE INSTALLED 4th
file3.cer.txt - CA INTERMEDIATE CERT – MUST BE INSTALLED 3rd
file2.cer.txt - CA INTERMEDIATE CERT – MUST BE INSTALLED 2nd
file1.cer.txt - CA ROOT CERT – MUST BE INSTALLED 1st
Please remember to use either the same aliases used in
Question
HP QC Ent Global CC Usr SW E-LTU/ Facing issue with the istallation of HP ALM
HP QC Ent Global CC Usr SW E-LTU + version: 12
Operating systems : Windows Server 2012
Issue description: Facing issue with the istallation of HP ALM
Request Type: Technical
Impact, Urgency: Critical
HP QC Ent Global CC Usr SW E-LTU/ Facing issue with the istallation of HP ALM
Given Contract ID is 104401052104
[9330]Case is associated with an override delivery address/contact.
HP QC Ent Global CC Usr SW E-LTU + version: 12
Operating systems : Windows Server 2012
Issue description: Facing issue with the istallation of HP ALM
Request Type: Technical
Impact, Urgency: Critical
HP QC Ent Global CC Usr SW E-LTU/ Facing issue with the istallation of HP ALM
Given Contract ID is 104401052104
[9330]Case is associated with an override delivery address/contact.
Answer
Issue fixed by changing the encrytion level and importing the corrects certificates