This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configure a CA Certificate for FlexNet Manager for Engineering Applications Admin and Reporting services

1. Create a folder and share.
Perform the steps below on the Admin Server.

a. Create a folder called E:\FLEXnet\certs.

b.Create a file share named Certs in the E:\FLEXnet\certs folder. Ensure you have write-access to the folder.

2. Generate a Reporting Server encryption key and self-signed certificate.
Open a PowerShell command prompt as an administrator on the Reporting Server and perform the following steps.

a. Open the FNMEA install directory.
cd E:\FLEXnet\manager\reporting

b. Delete the existing keystore.
rm ".\release\platform\bin\keystore"

c. Run the following command to generate a self-signed key pair in a new keystore, where {Admin Server FQDN} is the name of the shared path you created in step 1.
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -genkeypair -alias "tomcat" -keyalg RSA -validity 7300 -keypass "flexnet" -dname "CN={Reporting Server FQDN},OU=IT,O=test,L=test,S=Stest,C=com" -keysize 2048

3. Generate an Admin Server encryption key and self-signed certificate.
Open a PowerShell command prompt as an administrator on the Admin Server and perform the following steps.

a. Open the FNMEA install directory.
cd E:\FLEXnet\manager\admin

b. Delete the existing keystore.
rm ".\release\platform\bin\keystore"

c. Run the following command to generate a self-signed key pair in a new keystore, where {Admin Server FQDN} is the name of your Admin Server and {Admin Server DNS Alias} is the IP address of the Admin Server.
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -genkeypair -alias "tomcat" -keyalg RSA -validity 7300 -keypass "flexnet" -dname "CN={Admin Server FQDN},OU=IT,O=test,L=test,S=test,C=test" -ext "SAN=dns:{Admin Server DNS Alias}" -keysize 2048

4. Generate the Admin Server certificate authority signing request.
Open a PowerShell command prompt as administrator on the Admin Server and perform the following steps.

a. Open the FNMEA install directory.
cd E:\FLEXnet\manager\admin

b. Run the following command to generate a certficate signing request.
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -certreq -keyalg RSA -alias tomcat -file "\\{Admin Server FQDN}\certs\admin.csr"

5. Generate the Reporting Server certificate authority signing request.

Open a PowerShell command prompt as administrator on the Reporting Server and perform the following steps.

a. Change to the FNMEA install directory
cd E:\FLEXnet\manager\reporting

b. Run the following command to generate a certficate signing request.
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -certreq -keyalg RSA -alias tomcat -file "\\{Reporting Server FQDN}\certs\admin.csr"

6. Get the Admin Server and Reporting Server certificates signed by a Certification Authority (CA).

7. Import the CA-signed Admin Server certificate into the Admin Server keystore.
Perform the following tasks on the Admin Server to complete the Admin Server certificate CA signing process.

a. Extract and import the root CA certificate.

i. Double-click on \\{Admin Server FQDN}\certs\admin_signed.cer

The certificate properties dialog for the Admin Server certificate will open.

ii. In the Certification Path tab select the root certificate.

iii. Click on View Certificate to open the root certificate.

iv. In the Details tab of the root certificate choose Copy to File.

v. Follow the Certificate Export Wizard prompts to save the root certificate as follows:
- Base-64 encoded X.509 (.CER)
- File Path: \\{Admin Server FQDN}\certs\admin_root.cer

b. Extract the intermediate CA certificate.

i. Double-click on \\{Admin Server FQDN}\certs\admin_signed.cer
The certificate properties dialog for the Admin Server certificate will open.

ii. In the Certification Path tab select the intermediate certificate.

iii. Click on the View Certificate button to open the intermediate certificate.

iv. In the Details tab of the intermediate certificate choose Copy to File.

v. Follow the Certificate Export Wizard prompts to save the intermediate certificate as follows:

- Base-64 encoded X.509 (.CER)

- File Path: \\{Admin Server FQDN}\certs\admin_intermediate.cer

c. Open a PowerShell command prompt as an administrator and run each of the following commands in the order below to import the certificates into the Admin Server keystore:
cd E:\FLEXnet\manager\admin

.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -import -trustcacerts -alias "root" -file \\{Admin Server FQDN}\certs\admin_root.cer

.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -import -trustcacerts -alias "intermediate" -file \\{Admin Server FQDN}\certs\admin_intermediate.cer

.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -import -trustcacerts -alias "tomcat" -file \\{Admin Server FQDN}\certs\admin_signed.cer

8. Export the Admin Server certificate.
Open a PowerShell command prompt as an administrator on the Admin Server and perform the following steps.

a. Open the FNMEA install directory.
cd E:\FLEXnet\manager\admin

b. Run the following command to export the Admin Server certificate.
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -alias "tomcat" -exportcert -file "\\{Admin Server FQDN}\certs\admin.cer"

9. Import the CA-signed Reporting Server certificate into the Reporting Server keystore.
Perform the following tasks on the Reporting Server to complete the Reporting Server certificate CA signing process.

a. Extract and import the root CA certificate.

i. Double-click on \\{Reporting Server FQDN}\certs\admin_signed.cer
The certificate properties dialog for the Reporting Server certificate will open.

ii. In the Certification Path tab select the root certificate.

iii. Click on View Certificate to open the root certificate.

iv. In the Details tab of the root certificate choose Copy to File.

v. Follow the Certificate Export Wizard prompts to save the root certificate as follows:

- Base-64 encoded X.509

- File Path: \\{Reporting Server FQDN}\certs\admin_root.cer

10. Export the Reporting Server certificate.
Open a PowerShell command prompt as an administrator on the Reporting Server and perform the following steps.

a. Open the FNMEA install directory.
cd E:\FLEXnet\manager\admin

b. Run the following command to export the Reporting Server certificate.
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -alias "tomcat" -exportcert -file "\\{Admin Server FQDN}\certs\reproting.cer"

11. Import certificates into the Admin Server truststores.
Perform the steps below on the Admin Server.

a. Open a PowerShell command prompt as an administrator.

b. Open the FNMEA install directory.
cd E:\FLEXnet\manager\admin

c. Run the following commands:
.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -import -alias reporting -file "\\{Admin Server FQDN}\certs\reporting.cer" -trustcacerts -noprompt

.\jvm\bin\keytool.exe -keystore ".\jvm\lib\security\cacerts" -storepass "changeit" -import -alias reporting_root -file "\\{Admin Server FQDN}\certs\ reporting_root.cer" -trustcacerts -noprompt

.\jvm\bin\keytool.exe -keystore ".\jvm\lib\security\cacerts" -storepass "changeit" -import -alias reporting_intermediate -file "\\{Admin Server FQDN}\certs\ reporting_intermediate.cer" -trustcacerts -noprompt

12. Import certificates into the Reporting Server truststores.
Perform the steps below on the Reporting Server.

a. Open a PowerShell command prompt as an administrator.

b. Open the FNMEA install directory.
cd E:\FLEXnet\manager\reporting

c. Run the following commands:

.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -import -alias admin_root -file "\\{Reporting Server FQDN}\certs\admin_root.cer" -trustcacerts -noprompt

.\jvm\bin\keytool.exe -keystore ".\release\platform\bin\keystore" -storepass "flexnet" -import -alias admin_intermediate -file "\\{Reporting Server FQDN}\certs\admin_intermediate.cer" -trustcacerts -noprompt

.\jvm\bin\keytool.exe -keystore ".\jvm\lib\security\cacerts" -storepass "changeit" -import -alias admin -file "\\{Reporting Server FQDN}\certs\admin.cer" -trustcacerts -noprompt

13. Run the following command:

.\jvm\bin\keytool.exe -keystore ".\jvm\lib\security\cacerts" -storepass "changeit" -import -alias cognos_root -file "\\{Admin Server FQDN}\certs\cognos_root.cer" -trustcacerts -noprompt

note blue light.pngNote: The third-party root CA certificate should already exist in all truststores globally. If it already exists in the the truststore, the command will fail.

 

‎Aug 04, 2022 02:19 PM - edited ‎Sep 27, 2022 12:41 PM

Was this article helpful? Yes No
No ratings
Comments
MurrayPeters
By
Level 7

I think there is an error in steps 2d, 8b and 10b as you cannot specify both commands together:   -genkeypair and -exportcert.   

I suspect you just need to remove -genkeypair as this step is intended to simply export the cert.

‎Sep 08, 2022 10:37 PM
Akshitha
By Level 6 Flexeran
Level 6 Flexeran

Thank you, @MurrayPeters, for pointing it out. I updated it. 

‎Sep 27, 2022 12:44 PM
ashish_wabtec
By
Level 2

@Akshitha - Is there any specific/dedicated document for Cognos to generate CSR file and import SSL certificate? 

‎Mar 18, 2024 11:22 AM
Version history
Last update:
‎Sep 27, 2022 12:41 PM
Updated by:
Level 6 Flexeran