Configuring SSL

Applies to the following products: 
Questionmark Perception
Applies to the following Perception versions: 
Perception 5.2
Perception 5.1

On a normal web server, communications between browser and server are not encrypted. If someone were able to intercept these communications, they would be able to see the information sent from server to browser and vice versa. SSL (Secure Sockets Layer) is a protocol that encrypts this communication, so that if someone were to intercept it, they would not be able to read it (unless they can break the encryption).

Many users of Perception do not need the security that SSL provides, but if you do, and have set up your web server to use SSL, it is easy to run Perception under SSL. You can use SSL with Enterprise Manager and participant-facing software, but not with Authoring Manager. It is recommended that if you have installed Perception in a multi-tiered environment that you enable the Presentation tier and Business Logic tier to use SSL.

If Perception Server will be run using SSL the following components will need to be configured to use SSL:

  • Open.php and perception.php
  • Enterprise Manager
  • QMWISe

If you are using Perception with other features that use SSL you will need to make some additional setting changes. Perception can communicate using SSL with the following services:

  • SMTP
  • LDAP

Refer to the following sections for more information:

Enabling PHP to use SSL

PHP must be enabled to use SSL. This is done by loading the PHP extension OpenSSL. The following section describes how to enable the OpenSSL extension.

Please refer to the following link from www.php.net before attempting to add the OpenSSL extension.

To add the OpenSSL extension:

  1. On the server where QPLA is installed navigate to the folder where PHP was installed to. By default this is: C:\PHP
  2. Open the file PHP.INI using an ASCII text editor such as Notepad
  3. Locate the following section in the file:
    ; Windows Extensions
    
  4. Add the line extension=php_openssl.dll
  5. Save the file
  6. Restart IIS

The file should now look similar to the following:

; Windows Extensions
extension=php_openssl.dll

PHP has now been configured to use SSL. Complete the steps below to allow Perception to work with SSL.

Changing the server settings

To allow Perception to use SSL you will need to make changes to the server setting, they can be accessed from the Server Settings page in Enterprise Manager. To access the Server Setting page:

  1. Navigate to Enterprise Manager
  2. Log in using an administrative user with permissions to alter the server settings
  3. Click System Administration | Server Management | Server Settings

    You can now make the necessary changes to the server settings to use SSL.

Once you have finished making the necessary changes scroll to the bottom of the screen and click Save & Exit.

Using SSL with Perception

If you intend to use Perception with SSL you will need to change the following settings so that they use the HyperText Transfer Protocol over Secure Socket Layer (HTTPS) rather than the normal method (HTTP).

To use SSL locate the following setting in the Server Settings page of Enterprise Manager and enter the server address.

Server Settings -> Global Settings -> Perception Server

This setting will need to be updated to contain the address of the Perception Server. This could be the computer name, for example, if you are running it on an internal intranet or a valid domain name if you intend participants to access Perception via the Internet. If you want to use SSL enter the address name using HTTPS. For example,

https:\\MyPerception_Server or https:\\questionmark.com

If you intend to run your HTTPS connection through a particular port in IIS then this can be added by appending a colon (:) followed by the port number. For example,

https:\\MyPerceptionServer:8081

Updating the QPLA.ini file

You will also need to update the QPLA.ini file. This can be located in the following default folders:

Windows:

C:\Program Files\Questionmark\QPLA\

Linux:

  • Ubuntu Server - /var/www/Perception5/
  • RedHat Enterprise Linux - /var/www/html/Perception5/
  • SUSe Linux Enterprise - /srv/www/htdocs/Perception5/

You will need to ammend the QPLA.ini file so that the following settings are also aware of the HTTPS settings:

Setting Description
messageServiceURL The address of the QABS service will need to be changed to use https
repositoryServer If you are using a multi-tiered installation the address of the Repository Server will need to be set and https added to the URL
systemDirectory If you are using a multi-tiered installation the address of the System Directory will need to be set and https added to the URL
useHttps The useHttps setting will need to be set to 1 to ensure QPLA knows that SSL is being used

Using Perception with other services using SSL

If SSL is used to secure communications with other services you want to use with Perception you will need to make the necessary changes for this to occur. The following services can be used with Perception if they are using SSL:

  • SMTP email services
  • LDAP authentication services

To make the necessary changes for the server settings refer to the table below:

Service Setting section Setting name Description
SMTP Customer setting - SMTP Settings SSL Place a check in the SSL check-box to enable Perception to communicate with the email server indicated in SMTP serverusing secure communications.
Server settings - Server SMTP settings SSL Place a check in the SSL check-box to enable Perception to communicate with the email server indicated in SMTP serverusing secure communications.
LDAP Customer settings - LDAP Settings LDAPS Place a check in the LDAPS check-box to enable Perception to communicate with the LDAP server indicated in LDAP Hostusing secure communications.
Server settings - Server LDAPS Settings LDAPS Place a check in the LDAPS check-box to enable Perception to communicate with the LDAP server indicated in LDAP Host using secure communications.