How to Configure Ideagen Quality Management 7 to Use SSL
Who is this article for? IT personnel working with the Ideagen Quality Management system.
Server access & IIS administration skills are required.
Depending on the nature of your organisation and the information being transmitted by Ideagen Quality Management, you may want to configure Ideagen Quality Management to communicate using SSL. This would normally be done if your organisation is transmitting confidential or sensitive data over a WAN.
Before enabling SSL please be aware that this type of configuration may require additional processing time in Microsoft IIS and you may find that your Ideagen Quality Management login times are slower due to the additional security.
Important Note: This article assumes that you’ve already configured the IIS Website for SSL. For steps on how to configure IIS for SSL, please refer to the official Microsoft IIS page.
This article outlines how to configure SSL for each of the key Ideagen Quality Management components:
- Ideagen Quality Management Client
- Ideagen Quality Management Data Portal
- Audit Log Viewer
- Document Retrieval Service
- Ideagen Quality Management Word Plugin
- Identity Server
- Print Server
- Ideagen Quality Management Web Client
- Offline Audit Server
- Offline Audit Client
- Web Services
- Web Reporting
- Further Reading
Important Notes:
- Please note that some of the features mentioned above are additional license features that must be purchased. If you would like more information regarding these, please contact Ideagen Quality Management Support.
- Additionally, this manual will ask you to enter your Fully Qualified Domain Name (FQDN) where appropriate. It is important to note that this should be entered in lower case.
- Are you encrypting files? If so, please review How to Decrypt and Encrypt Ideagen Quality Management Configuration Files before you begin configuring the config files for SSL.
1. The Ideagen Quality Management Client
The Ideagen Quality Management client is the traditional fat-client application. This is usually installed on each client PC. The below steps outline how to configure the client installed on the application server so that the config files can be used as a template for deployment to client PCs.
The steps below walk through installing the client on the server for the first time. If you already have a working client on your server then please proceed directly to step 3.
To configure SSL:
- Perform the client installation on the application server. During the installation process you will be prompted to enter the application server address. You should enter the fully qualified domain name (FQDN) assigned against your SSL Certificate in IIS.
- Continue with the installation.
- Launch the client and confirm you can successfully log in.
- Browse to the Ideagen Quality Management Client directory. By default, this is C:\Program Files (x86)\Gael Ltd\Q-Pulse.
- Open the Q-Pulse.exe.config file with Notepad.
Important Note: If you already have the Ideagen Quality Management client installed on your server then you can update the Q-Pulse.exe.config to use the FQDN. Using find and replace, change ‘localhost’ to your FQDN path.
- Amend the value of the CLSADataPortalUrl and DataPortalServer keys to include ‘ghttps’, in place of ‘ghttp’.
- Update each endpoint (excluding the AcademyIntegrationService) to contain ‘https’ in place of ‘http’.
- Update the bindingConfiguration for each binding (excluding the AcademyIntegrationService) to include ‘https’ instead of ‘http’.
- Launch the client and confirm you can successfully log in.
Your Ideagen Quality Management Client will now be configured for SSL.
If you deploy your client using ClickOnce or any other deployment solution then you will now have to rebuild your deployment package using the configured Q-Pulse.exe.config. For help doing this with ClickOnce, please see our article, How to Perform a Ideagen Quality Management Update Using Clickonce.
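A check to run on the template Q-Pulse.exe.config before it is packaged for deployment, given here as an added example and not as Ideagen's own tooling. It assumes the two keys are add entries under appSettings and that the endpoints sit under system.serviceModel/client; the function name Test-ClientConfig, the host name and the sample config are constructed.

```powershell
# Added example: flags client config settings still pointing at plaintext HTTP.
# Assumption: the two keys are <add key="..." value="..."/> entries under appSettings.
function Test-ClientConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = @()
    foreach ($key in 'CLSADataPortalUrl', 'DataPortalServer') {
        $node = $Config.SelectSingleNode("//appSettings/add[@key='$key']")
        if ($null -eq $node) { $findings += "${key}: key not found"; continue }
        $value = $node.GetAttribute('value')
        if ($value -notmatch '^ghttps://') { $findings += "${key}: does not use ghttps ($value)" }
        # The article asks for the FQDN in lower case; compare the host part case-sensitively.
        if ($value -match '^[a-z]+://([^/:]+)' -and $Matches[1] -cne $Matches[1].ToLowerInvariant()) {
            $findings += "${key}: host name is not lower case"
        }
    }
    foreach ($ep in $Config.SelectNodes('//system.serviceModel/client/endpoint')) {
        $id = '{0} {1}' -f $ep.GetAttribute('name'), $ep.GetAttribute('contract')
        if ($id -match 'AcademyIntegrationService') { continue }   # excluded by the article
        if ($ep.GetAttribute('address') -notmatch '^https://') {
            $findings += "endpoint '$id': address is not https"
        }
        if ($ep.GetAttribute('bindingConfiguration') -notmatch 'https') {
            $findings += "endpoint '$id': bindingConfiguration is not an https binding"
        }
    }
    if ($Config.OuterXml -match 'localhost') { $findings += "'localhost' is still referenced" }
    $findings
}

# Constructed sample: host name, URL paths and endpoint names are placeholders.
$sample = [xml]@'
<configuration>
  <appSettings>
    <add key="CLSADataPortalUrl" value="ghttps://qms.example.com/QPulseDataPortal/" />
    <add key="DataPortalServer" value="ghttp://qms.example.com/QPulseDataPortal/" />
  </appSettings>
  <system.serviceModel>
    <client>
      <endpoint name="ExampleService" address="http://localhost/Example.svc"
                binding="basicHttpBinding" bindingConfiguration="httpBinding" contract="IExample" />
    </client>
  </system.serviceModel>
</configuration>
'@
Test-ClientConfig -Config $sample
```

To check a real file, pass `([xml](Get-Content -Raw 'C:\Program Files (x86)\Gael Ltd\Q-Pulse\Q-Pulse.exe.config'))` as the Config argument; an empty result means none of these checks fired.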
Are you encrypting files? If so, please review How to Decrypt and Encrypt Ideagen Quality Management Configuration Files before you begin configuring the config files for SSL.
2. The Ideagen Quality Management Data Portal
The data portal is the website in Microsoft Internet Information Services (IIS) responsible for facilitating client connectivity to the Ideagen Quality Management application.
The website must be fully configured for SSL before Ideagen Quality Management will connect. To configure the data portal:
- Browse to the Ideagen Quality Management Data Portal installation location. By default this is stored in C:\inetpub\wwwroot\QPulseDataPortal.
- Locate the web.config file and open it in Notepad.
- Update each of the serviceBehavior attributes to show:
  - httpsGetEnabled is true
  - httpGetEnabled is false
- Update each of the ‘mex’ bindings found in the services tag to include ‘https’ instead of ‘http’. Update bindingConfiguration to also show https.
Note: Updating the bindingConfiguration tags allows you to take advantage of the existing https bindings already created in the configuration file.
- In the 'appSettings' section, update the Identity Server URL reference to ensure it points to 'https' rather than 'http'.
3. Configuring the Audit Log Viewer
- Install the Audit Log Viewer, specifying the FQDN when asked.
- Browse to the AuditLogViewer.exe.config file and open it in Notepad. By default, this is stored in C:\Program Files (x86)\Gael Ltd\Q-Pulse Audit Log Viewer.
- Amend the value of the CLSADataPortalUrl and DataPortalServer keys to include ‘ghttps’, instead of ‘ghttp’.
4. Configuring the Document Retrieval Service
- Install the Document Retrieval Service, specifying your FQDN when prompted for the server path.
- Browse to the Web.config file for the Document Retrieval Service. By default, this is stored in C:\inetpub\wwwroot\QPulseDocumentService.
- Browse to the endpoint found between the client tags and update the link found here to include ‘https’ instead of ‘http’.
- Update the basicHttpBinding to contain <security mode="Transport"/>.
5. Configuring the Ideagen Quality Management Word Plugin
- Install the Ideagen Quality Management Word Plugin, specifying the FQDN when prompted for the server path.
- Browse to the BacchusWord.dll.config file and open it in Notepad. By default, this is stored in the following locations:
  - C:\Program Files\Gael Ltd\Q-Pulse Word Plugin (x64)
  - C:\Program Files (x86)\Gael Ltd\Q-Pulse Word Plugin
- Update the binding found between the basicHttpBinding tags to contain <security mode="Transport"/> before the closing tag.
- Browse to the client endpoint directly below and update the link to use ‘https’ instead of ‘http’.
6. Configuring the Identity Server
- Install the Identity Server, specifying the FQDN when prompted for the server path.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\QPulseIdentityServer.
- Perform a find and replace, replacing any references to ‘localhost’ with your FQDN.
- Now find each reference to your FQDN using Ctrl + F, and update each link referencing it to use ‘https’ instead of ‘http’.
- In the appSettings section, find the "EnableSSL" tag and change the value to true.
Note: Step 5 is only required when running Ideagen Quality Management 7.0.0.205 or higher.
- Update the SOAPBinding found between the basicHttpBinding tags to contain <security mode="Transport"/>.
7. Configuring the Print Server
- Install the Print Server, specifying the FQDN when asked.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\QPulsePrint.
- Perform a find and replace, replacing any references to ‘localhost’ with the FQDN.
- Now find each reference to the FQDN using Ctrl + F, and update each link referencing it to use ‘https’ instead of ‘http’.
- Update the SOAPBinding found between the basicHttpBinding tags to contain <security mode="Transport"/>.
8. Configuring the Ideagen Quality Management Web Client
- Install the Ideagen Quality Management web client, specifying the FQDN when prompted for the server path.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\Qpulse.
- Replace any references to ‘localhost’ with the FQDN.
- Locate all references to the FQDN and update each link to use ‘https’ instead of ‘http’.
- Update <httpCookies requireSSL="false" /> to <httpCookies requireSSL="true" />.
Note: Step 5 is only required when running Ideagen Quality Management 7.1.5.1 or higher.
9. Configuring the Offline Audit Server
Important Note: If you intend to secure Offline Audit via SSL but not the Ideagen Quality Management data portal then you can ignore step 3 in the below steps. The Offline Audit Server will not connect to the data portal using SSL, so the relevant binding must not have the transport tag. Therefore, the basicHttpBinding must remain as default.
- Install the Offline Audit Server, specifying the FQDN when prompted for the server path.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\QPulse5OfflineAuditServer.
- Locate all references to the FQDN and update each link to use ‘https’ instead of ‘http’.
- Update the httpGetEnabled tag to read as httpsGetEnabled.
- Update each binding found between the basicHttpBinding tags to include <security mode="Transport"/>.
10. Configuring the Offline Audit Client
- Install the Offline Audit Client, specifying the FQDN when prompted for the server path.
- Browse to the OfflineAudit.exe.config file and open it in Notepad. By default this is stored in C:\Program Files (x86)\Gael Ltd\Q-Pulse Offline Auditing.
- Update the link in the config file to include ‘ghttps’, in place of ‘ghttp’.
11. Configuring the Web Services
The API Web Services are an optional component for Ideagen Quality Management. They are used for connecting mobile apps and API solutions to the Ideagen Quality Management system. As a result, it is possible to have the Web Services configured with SSL and have the Ideagen Quality Management data portal configured with or without SSL. This configuration is based entirely around your own risk assessment of your infrastructure security.
Below are the steps to secure the Web Services under both options:
11.1. SSL with Secure Dataportal
- Install the Web Services, specifying the FQDN when prompted for the server path.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\QPulse5WebServices.
- Locate all references to the FQDN and update each link to use https instead of http.
- Browse to the serviceBehaviors section and update all instances of httpGetEnabled to httpsGetEnabled.
- Browse to the services section and update each mex endpoint to include mexHttpsBinding instead of mexHttpBinding.
- Browse to the bindings section and update each binding to contain <security mode="Transport" />.
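A way to confirm that an edited Web.config no longer allows plaintext HTTP, given as an added example and not as Ideagen's own tooling. It covers the serviceMetadata, mex endpoint, address and binding changes listed above and generalises to the httpCookies setting from the Web Client section; the function name Test-WebConfigSsl, the host name and the sample config are constructed.

```powershell
# Added example: flags Web.config settings that still allow plaintext HTTP.
function Test-WebConfigSsl {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = @()
    foreach ($md in $Config.SelectNodes('//serviceBehaviors//serviceMetadata')) {
        if ($md.GetAttribute('httpsGetEnabled') -ne 'true') { $findings += 'serviceMetadata: httpsGetEnabled is not true' }
        if ($md.GetAttribute('httpGetEnabled') -eq 'true') { $findings += 'serviceMetadata: httpGetEnabled is still true' }
    }
    foreach ($ep in $Config.SelectNodes('//endpoint')) {
        $name = $ep.GetAttribute('contract')
        if ($ep.GetAttribute('binding') -eq 'mexHttpBinding') { $findings += "endpoint '$name': mexHttpBinding in use" }
        if ($ep.GetAttribute('address') -match '^http://') { $findings += "endpoint '$name': http address" }
    }
    foreach ($b in $Config.SelectNodes('//bindings/*/binding')) {
        $sec = $b.SelectSingleNode('security')
        if ($null -eq $sec -or $sec.GetAttribute('mode') -ne 'Transport') {
            $findings += "binding '$($b.GetAttribute('name'))': security mode is not Transport"
        }
    }
    foreach ($c in $Config.SelectNodes('//httpCookies')) {
        if ($c.GetAttribute('requireSSL') -ne 'true') { $findings += 'httpCookies: requireSSL is not true' }
    }
    $findings
}

# Constructed sample: a half-converted config; names and host are placeholders.
$sample = [xml]@'
<configuration>
  <system.web><httpCookies requireSSL="false" /></system.web>
  <system.serviceModel>
    <behaviors><serviceBehaviors><behavior>
      <serviceMetadata httpGetEnabled="true" />
    </behavior></serviceBehaviors></behaviors>
    <services><service name="Example">
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service></services>
    <client><endpoint address="http://qms.example.com/Example.svc" contract="IExample" /></client>
    <bindings><basicHttpBinding>
      <binding name="SOAPBinding" />
      <binding name="RestBinding"><security mode="Transport" /></binding>
    </basicHttpBinding></bindings>
  </system.serviceModel>
</configuration>
'@
Test-WebConfigSsl -Config $sample
```

Findings on bindings that the article deliberately leaves without Transport security, such as the XPOBinding in the unsecured data portal layout or the Web Reporting bindings set to mode None, are expected and can be ignored.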
11.2. SSL with Unsecure Dataportal
- Install the Web Services, specifying the FQDN when prompted for the server path.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\QPulse5WebServices.
- Browse to the serviceBehaviors section and update all instances of httpGetEnabled to httpsGetEnabled.
- Browse to the services section and update each mex endpoint to include mexHttpsBinding instead of mexHttpBinding.
- Browse to the binding section at the bottom of the config file and then:
  - Copy the SOAP binding
  - Paste the string directly below it to create two binding strings.
  - Rename the new binding to XPOBinding.
- Update the SOAP, Rest and JSON bindings to include the <security mode="Transport" /> tag before each closing binding.
- Update the XPODataService endpoint (found between the client tags) so that bindingConfiguration uses the newly created XPO Binding.
12. Configuring the Web Reporting Portal
There is no installation package for Web Reporting Portal. This is installed manually by configuring the website. The steps below assume this is already in place and functional.
Important Note: If you have not configured Web Services to use SSL then you can skip step 3.
- Browse to the related Web.config file and open it in Notepad. By default, this is stored in C:\inetpub\wwwroot\Reporting.
- Locate and update all references to your application server name or IP address to use the FQDN.
- Locate all references to the FQDN and update each link to use https instead of http.
- Browse to the basicHttpBinding section and make sure that both bindings contain the <security mode="None"/> tag before the closing bindings.