Configuring Perception to use SSL | Questionmark

Applies to the following products: 
Questionmark Perception
Applies to the following Perception versions: 
Perception 5.7

Once you have installed Questionmark Perception and confirmed it is working, you may want to enable SSL on the server so that all communication to and from the server is encrypted. If your Perception server handles the SSL communication directly, follow the procedure set out here.

How you set up your certificate may differ slightly based on your SSL certificate provider. Please refer to the relevant documentation available from your certificate reseller and Microsoft.

Once you have installed the certificate and created the relevant HTTPS bindings, please continue the process documented below.

Updating the server settings to use HTTPS

You will need to change the Server Settings to use HTTPS and update the qpla.ini file.

To update the Server Settings:

  1. Log in to Enterprise Manager as a user who has permission to modify the server settings.
  2. Navigate to Administration | Server Management | Server Settings.
  3. Navigate to the following setting:

    • Perception Server (It can be found in the Server Settings | Global Settings section.)
  4. This setting will need to be updated to contain the address of the Perception server. This could be the computer name, for example, if you are running it on an internal intranet, or a valid domain name if you intend participants to access Perception via the internet. If you want to use SSL, enter the address name using HTTPS, e.g., https://MyPerceptionServer or https://questionmark.com.

  5. Repeat step 4 for the following two settings, also in Global Settings:
    • QPLA Server should be set to the same HTTPS URL you used in step 4.
    • Repository Server should be set to the same HTTPS URL you used in step 4.
  6. Set the QABS Server setting, also in Global Settings, to the HTTP (not HTTPS) URL of the server. For example:
    • http://MyPerceptionServer
  7. Click Save and Exit to apply the changes.
  8. Open the ServerSettings.config file and set useHttps to "True" and perceptionServer to "HTTPS" in the globalSettings tag and only the globalSettings tag.
  9. In the qpla.ini file, set the useHttps setting to useHttps=1.

Configuring the URLs for the portal and service layer

  1. On your Perception server, launch a web browser and navigate to the configuration application:

    http://<server_name>/configuration

    ...where <server_name> is the domain or server name where Perception was installed.

  2. Click Configure Environment (it will read Redo: Configure Environment if you've already configured Perception).

  3. In the Enter the portal address: field, update the details for the portal server by modifying the address to include https rather than http where necessary and making sure the address matches the one created for your SSL certificate or the DNS name the system is configured for.

  4. In the Enter the service layer address: field, update the details for the service layer server so that it is accessed via the special loopback IP address, e.g., http://127.0.0.1. Note that the service layer server continues to operate using HTTP, but it should be configured so that it is not accessible on the network. We recommend following a similar procedure to that described for securing the QABS service, explained in "ADV7. Restrict access to Perception".

  5. Click Configure.
  6. Once the changes have been made, you can exit the configuration application.

Enabling SSL in IIS

How you set up your certificate may differ slightly based on your SSL certificate provider. Please refer to the relevant documentation available from your certificate reseller and Microsoft.

Once you have installed the certificate and created the relevant HTTPS bindings, please continue the process documented below.

Configuring the virtual directories in IIS

  1. Launch IIS and open the "Sites" folder tree.
  2. Open the "Default Web Site" folder tree.
  3. Select em5.
  4. Double-click SSL Settings.
  5. Enable the Require SSL option.
  6. Click Apply.
  7. Repeat steps 3 to 6 for the following virtual directories:
    • analytics
    • ChartImages
    • configuration
    • identity
    • perception5
    • portal
    • qm2golms5
    • qmwise5
    • scoringtool5
    • <repository_name>_con
    • <repository_name>_res
    • <repository_name>_togo
    • analyticsodata
    • analyticsodataservice

    ...where <repository_name> is the name you set when creating your shared repository.

  8. Make sure the following virtual directories do not have SSL enabled:
    • analyticsservice
    • configurationservice
    • etlconfigurationservice
    • peopleidentitymanager
    • perceptionidentitymanager
    • perceptionidentityprovider
    • qabs
  9. Select the identity virtual directory.
  10. Double-click Application Settings.
  11. Change the ForceHttps setting to True.
  12. Repeat steps 9 to 11 for the portal virtual directory.
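
To confirm the result of the steps above, the following read-only PowerShell audit compares each virtual directory's Require SSL state with the two lists and checks ForceHttps on identity and portal. It is an added example, not Questionmark code; it assumes the WebAdministration module is available on the IIS server, and the Test-RequireSsl helper and the $repo placeholder are hypothetical.

```powershell
# Added example (not Questionmark code): read-only audit of the IIS settings above.
Import-Module WebAdministration

$site = 'Default Web Site'
$repo = '<repository_name>'   # placeholder: substitute your shared repository name
$sslRequired = 'em5', 'analytics', 'ChartImages', 'configuration', 'identity', 'perception5',
               'portal', 'qm2golms5', 'qmwise5', 'scoringtool5', "${repo}_con", "${repo}_res",
               "${repo}_togo", 'analyticsodata', 'analyticsodataservice'
$sslNotRequired = 'analyticsservice', 'configurationservice', 'etlconfigurationservice',
                  'peopleidentitymanager', 'perceptionidentitymanager',
                  'perceptionidentityprovider', 'qabs'

# Hypothetical helper: $true when "Require SSL" is enabled for the given virtual directory.
function Test-RequireSsl {
    param([Parameter(Mandatory)][string]$Name)
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location "$site/$Name" `
        -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # Assumption: the flags arrive as a comma-separated string, directly or wrapped in .Value.
    $flags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    ($flags -split '\s*,\s*') -contains 'Ssl'
}

$report = foreach ($name in $sslRequired + $sslNotRequired) {
    $expected = $sslRequired -contains $name
    if (-not (Test-Path "IIS:\Sites\$site\$name")) {
        [pscustomobject]@{ VirtualDirectory = $name; Expected = $expected; Actual = 'not found'; Ok = $false }
        continue
    }
    $actual = Test-RequireSsl -Name $name
    [pscustomobject]@{ VirtualDirectory = $name; Expected = $expected; Actual = $actual; Ok = ($actual -eq $expected) }
}

# ForceHttps must be True for identity and portal (steps 9 to 12).
$report += foreach ($name in 'identity', 'portal') {
    $v = (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site\$name" `
        -Filter "appSettings/add[@key='ForceHttps']" -Name 'value').Value
    [pscustomobject]@{ VirtualDirectory = "$name (ForceHttps)"; Expected = $true; Actual = $v; Ok = ($v -eq 'True') }
}

$report | Format-Table -AutoSize
```

Any row with Ok set to False points at a directory to revisit in IIS Manager; the script changes nothing itself.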

Updating the web.config files to include the HttpCookies setting

The httpCookies setting may already exist in the relevant web.config files, and adding it again will cause an error. Only add the httpCookies setting when it doesn't already exist in the relevant web.config files.

At this point, the following web.config files need to be updated to include the HttpCookies setting (the default locations of these files are included in brackets):

  • Qframework (C:\Program Files\Questionmark\Perception5\Portal\web.config)
  • Open ID provider website (C:\Program Files\Questionmark\Perception5\People\OpenIdProvider\web.config)
  • Reporting website (C:\Program Files\Questionmark\Perception5\Analytics\ReportingWeb\web.config)
  • Reporting OData WebApp (C:\Program Files\Questionmark\Perception5\Analytics\OData\web.config)
  • Scoring Tool (C:\Program Files\Questionmark\Perception5\ST\web.config)
  • QM2Go LMS (C:\Program Files\Questionmark\Perception5\QM2GoLMS\web.config)
  • Enterprise Manager (C:\Program Files\Questionmark\Perception5\EM\web.config)
  • Reporting OData (C:\Program Files\Questionmark\Perception5\Analytics\ReportingOData\web.config)
  • Reporting OData service (C:\Program Files\Questionmark\Perception5\Analytics\ReportingODataService\web.config)

To do this:

  1. Open each web.config file with Notepad or another text-editing tool.
  2. Locate the <system.web> section of each file.
  3. Add the following bit of code to this section:
    • <httpCookies httpOnlyCookies="true" requireSSL="true" ></httpCookies>
  4. Save the changes you've made to each web.config file.
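
The same procedure as a PowerShell sketch that adds the element only where it is missing, so an existing httpCookies entry is never duplicated. This is an added example, not Questionmark code; it assumes the default file locations listed above, and the Set-SecureHttpCookies helper name is hypothetical.

```powershell
# Added example (not Questionmark code). Default install root taken from the list above.
$root = 'C:\Program Files\Questionmark\Perception5'
$sites = 'Portal', 'People\OpenIdProvider', 'Analytics\ReportingWeb', 'Analytics\OData',
         'ST', 'QM2GoLMS', 'EM', 'Analytics\ReportingOData', 'Analytics\ReportingODataService'

# Hypothetical helper: reports on one web.config and, with -Apply, adds the missing element.
function Set-SecureHttpCookies {
    param([Parameter(Mandatory)][string]$Path, [switch]$Apply)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'file not found' }
    }
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true          # keep the file's layout on save
    $doc.Load($Path)

    # local-name() keeps the lookup working if <configuration> declares an xmlns.
    $systemWeb = $doc.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='system.web']")
    if ($null -eq $systemWeb) {
        return [pscustomobject]@{ Path = $Path; Status = 'no <system.web>; review by hand' }
    }
    $found = @($systemWeb.SelectNodes("*[local-name()='httpCookies']"))
    if ($found.Count -gt 1) {
        return [pscustomobject]@{ Path = $Path; Status = 'duplicate <httpCookies>; remove one by hand' }
    }
    if ($found.Count -eq 1) {
        # Already present: leave the file alone and report whether it matches the recommended values.
        $node = $found[0]
        $ok = $node.GetAttribute('httpOnlyCookies') -eq 'true' -and $node.GetAttribute('requireSSL') -eq 'true'
        $status = if ($ok) { 'present, matches' } else { 'present, differs; review by hand' }
        return [pscustomobject]@{ Path = $Path; Status = $status }
    }

    # Absent: add it once, with the attributes given in step 3.
    $node = $doc.CreateElement('httpCookies', $systemWeb.NamespaceURI)
    $node.SetAttribute('httpOnlyCookies', 'true')
    $node.SetAttribute('requireSSL', 'true')
    [void]$systemWeb.AppendChild($node)
    if (-not $Apply) { return [pscustomobject]@{ Path = $Path; Status = 'missing; would add' } }

    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # keep a rollback copy
    $doc.Save($Path)
    [pscustomobject]@{ Path = $Path; Status = 'added' }
}

# Dry run first; append -Apply to the call once the report looks right.
$sites | ForEach-Object { Set-SecureHttpCookies -Path (Join-Path $root "$_\web.config") }
```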