ADV6. Configure Perception to use SSL

Applies to the following products: 
Questionmark Perception
Applies to the following Perception versions: 
Perception 5.4

Once you have installed Questionmark Perception and confirmed it is working, you may want to enable SSL on the server so that all communication coming from and to the server is encrypted. If your Perception server is handling the SSL communication directly, then you should follow the procedure set out here:

Enable SSL in IIS

How you set up your certificate may differ slightly based on your SSL certificate provider. Please refer to the relevant documentation available from your certificate reseller and Microsoft.

Once you have installed the certificate and created the relevant HTTPS bindings, please continue the process documented below.

Configure the URLs for the portal and service layer
  1. On your Perception server, launch a web browser and navigate to the configuration application:

    http://<server_name>/configuration

    ...where <server_name> is the domain or server name where Perception was installed.

  2. Click Configure Environment (it will read Redo: Configure Environment if you've already configured Perception)

  3. In the Enter the portal address: field, update the details for the portal server by modifying the address to include https rather than http where necessary and making sure the address matches the one created for your SSL certificate

  4. In the Enter the service layer address: field, update the details for the service layer server so that it is accessed via the special loopback IP address, e.g., http://127.0.0.1. Note that the service layer server continues to operate using http, but it should be configured so that it is not accessible on the network. We recommend following a similar procedure to that described for securing the QABS service, explained in ADV7. Restrict access to Perception.

  5. Click Configure
  6. Once the changes have been made, you can exit the configuration application
Configure the virtual directories in IIS
  1. Launch IIS and open the "Sites" folder tree
  2. Open the "Default Web Site" folder tree
  3. Select em5
  4. Double-click SSL Settings
  5. Enable the Require SSL checkbox
  6. Click Apply
  7. Repeat steps 3 to 6 for the following virtual directories:
    • analytics
    • ChartImages
    • configuration
    • identity
    • OpenAuthoring5
    • perception5
    • portal
    • qm2golms5
    • qmwise5
    • scoringtool5
    • <repository_name>_con
    • <repository_name>_res
    • <repository_name>_togo

    ...where <repository_name> in the name you set when creating your shared repository.

  8. Make sure the following virtual directories do not have SSL enabled:
    • analyticsservice
    • configurationservice
    • etlconfigurationservice
    • peopleidentitymanager
    • perceptionidentitymanager
    • perceptionidentityprovider
    • qabs
  9. Select the identity virtual directory
  10. Double-click Application Settings
  11. Change the ForceHttps setting to True
  12. Repeat steps 9 to 11 for the portal virtual directory

You can also:

Enable SSL for Enteprise Manager

If you want to enable SSL for Enterprise Manager only, so that all communication to and from Enterprise Manager is encrypted, follow the following steps:

  1. Configure your Perception server (or the server on which Enterprise Manager is installed) for SSL
  2. Launch Internet Information Services (IIS)
  3. Expand the Default Web Site folder tree
  4. Select em5
  5. Double-click SSL Settings
  6. Check the Require SLL checkbox
  7. Click Apply
  8. Use https:// with your Enterprise Manager URL
Update the server settings to use HTTPS

You will need to change the Server Settings to use HTTPS and the qpla.ini file.

To update the Server Settings:

  1. Login to Enterprise Manager using a user who has permissions to modify the server settings
  2. Navigate to Administration | Server Management | Server Settings
  3. Navigate to the following setting:

    • Perception Server (it can be found in the Server Settings | Global Settings section)
  4. This setting will need to be updated to contain the address of the Perception server. This could be the computer name, for example, if you are running it on an internal intranet, or a valid domain name if you intend participants to access Perception via the internet. If you want to use SSL, enter the address name using HTTPS. For example:

    • https://MyPerceptionServer or https://questionmark.com

    If you intend to run your HTTPS connection through a particular port in IIS, then this can be added by appending a colon (:) followed by the port number. For example:

    • https://MyPerceptionServer:8081
  5. Repeat step 4 for the following two settings, also in Global Settings:
    • QPLA Server - set this to the same HTTPS URL you used in step 4
    • Repository Server - set this to the same HTTPS URL you used in step 4
  6. Set the QABS Server setting, also in Global Settings, to the HTTP (not HTTPS) URL of the server. For example:
    • http://MyPerceptionServer
  7. Click Save and Exit to apply the changes