Configuring the Truststore
Important:This section applies only if you are using the dummy certificate supplied by FlexNet Manager for Engineering Applications.
To enable the command flexnet stop (to stop FlexNet Manager for Engineering Applications) to work properly, you must instruct the client jboss-cli.bat where and how to find the Flexera self-signed “dummy” certificate from its truststore.
You will need the values for the SSL Keystore Location and the SSL Truststore Location settings, from the FlexNet Manager for Engineering Applications Configurator.
Note the following:
|
•
|
This process must be run for all FlexNet Manager for Engineering Applications installations—Microsoft Windows and Linux. |
|
•
|
You must complete this task for both the Admin and the Reporting servers. |
To instruct the client jboss-cli.bat where to find the dummy truststore certificate:
|
1.
|
Find the values for the SSL Keystore Location and the SSL Truststore Location settings by doing the following: |
|
a.
|
Open a Command Prompt window, and navigate to the installation directory for the Admin/Reporting server. |
|
b.
|
Launch the FlexNet Manager for Engineering Applications Configurator by typing the command: |
flexnet site
|
c.
|
Click Next to move through the Configurator panels until you come to the Secure Server Settings panel, and note the following values: |
|
•
|
SSL Keystore Location—This is the location of the keystore file. |
|
•
|
SSL Truststore Location—This is the location of the truststore file. |
|
d.
|
Click Cancel to exit the Configurator. |
|
2.
|
Navigate to the file jboss-cli.xml (located in <admin/reporting_install_directory>\site\server\bin), and open the file in a text editor. |
|
3.
|
At the end of the XML file, find the following section: |
<ssl>
<alias>keystoreAlias</alias>
<trust-store>C:\Program Files\Java\jvm1.8.0_65\jvm\lib\security\cacerts</trust-store>
<trust-store-password>changeit</trust-store-password>
</ssl>
|
4.
|
Ensure that the value for <trust-store> is the same as the value specified for the SSL Truststore Location setting in the Configurator. Contact the Flexera Support Team in either of the following cases: |
|
•
|
The file jboss-cli.xml does not contain a <ssl> section. |
|
•
|
The <trust-store> value differs from the value specified in the SSL Truststore Location setting. |
|
5.
|
Close the jboss-cli.xml file. You do not need to make any changes to the file. |
|
6.
|
Extract the Flexera certificate from the keystore file. |
|
a.
|
Navigate to the location where the keystore file is located. (This was the value from the SSL Keystore Location setting.) |
|
b.
|
Extract the certificate by typing the following command (using the password flexnet): |
keytool -export -alias tomcat -file fnmea.cer -keystore keystore
After you run this command, the file fnmea.cer is the dummy certificate.
|
c.
|
Copy the file fnmea.cer into the folder where the truststore is located, using the following command: |
copy fnmea.cer <truststore location>
|
d.
|
Import the file fnmea.cer into the truststore using the following command (using the typical Java JVM installation password changeit): |
keytool -import -trustcacerts -file fnmea.cer -alias tomcat -keystore cacerts
This step is necessary if:
|
•
|
You want to point to a central repository of keystores or truststores maintained by your organization |
|
•
|
You load a new certificate into the default truststore and need to configure its new location |
To configure FlexNet Manager for Engineering Applications Admin with a certificate for the SSL server to which you want Admin to connect:
|
1.
|
Stop FlexNet Manager for Engineering Applications Admin. |
|
•
|
To stop Admin from the command line, navigate to the Admin installation location, then type the command: flexnet stop |
|
•
|
If you configured Admin to run as a Windows service, you can stop the service from the Windows Services pane. |
|
2.
|
To reconfigure FlexNet Manager for Engineering Applications Admin and then re-create the site directory: |
|
a.
|
Open a Command Prompt window and change to the admin_install_directory. |
|
b.
|
Type the command: flexnet site. The Admin Configurator appears. |
|
c.
|
On the first pane of the Configurator, select the Show Advanced Settings check box and then click Next twice to advance to the third pane. Edit the settings: |
|
•
|
Modify the SSL Truststore Location setting to match the location where the truststore containing the SSL server’s certificate is located. |
|
•
|
In the SSL Truststore Password field, enter and confirm the truststore password. By default, the password from the FlexNet Manager for Engineering Applications Admin JVM is changeit. |
|
d.
|
Click Next through to the last pane, and then click Finish. When the Configurator window closes, the site directory is re-created. |
|
3.
|
After the site directory is re-created, restart FlexNet Manager for Engineering Applications Admin. |
|
•
|
To start Admin from the command line, navigate to the Admin installation location, then type the command: flexnet start |
|
•
|
If you configured Admin to run as a Windows service, you can start the service from the Windows Services pane. |