FlexNet Operations Cloud - Digital Certificates
This article explains how to install and configure digital certificates for use with the FlexNet Operations application based on your particular requirements and environment. This section contains the following topics:
- Exporting a Digital Certificate
- Trusting a Certificate in a Java Environment
Exporting a Digital Certificate
However you choose to integrate with FlexNet Operations using the API, you need to export the digital certificates from FlexNet Operations to communicate securely using SSL. You must first decide whether your solution will trust all digital certificates in the certificate chain, or only the root certificate authority. Different solutions require different trust strategies. You must identify how the certificates must be trusted for your solution.
The primary decision point in trusting the certificates for the Producer Portal is whether to trust all certificates in the chain. Many solutions are designed to trust all certificates under the root issuing authority. Depending on your security requirements, you may want to additionally trust the certificate from the Producer Portal. The added benefit to trusting the Producer Portal certificate is increased security. However, the Producer Portal certificates expire, which requires you to take action to update the certificate store. Under some integration scenarios, you must trust both the issuing root authority and the Producer Portal certificate, regardless of your preference.
FlexNet Operations UAT and Production server certificates are issued by a certificate authority. Therefore, if you are relying on trusting the root authority, you only need to export the certificate once. You can do this from either the UAT or Production environment. If you need both certificates in the chain, you must export three certificates:
- The digital certificate
- The FlexNet Operations UAT certificate
- The FlexNet Operations Production certificate
The easiest way to export a digital certificate is to use a wizard provided with Microsoft’s Internet Explorer. (The instructions, below, export the UAT server certificate.)
To export a digital certificate:
- Open an Internet Explorer window and enter the following URL (For example: https://manageruat.flexnetoperations.com).
- Click the yellow padlock icon next to the address bar then click View Certificate. A window appears displaying the certificate.
- Select the Details tab.
- Click Copy to File. The Certificate Export Wizard appears.
- Click Next.
- Select the appropriate format of certificate distribution for your integration.
Note: You must consult the documentation of your solution for this information. It is possible to export all the certificates in the path, depending on the formats your solution supports.
- Click Next.
- Select a file location for exporting the certificate. Name the file with a .cer extension. If you are doing this for a different certificate, name it appropriately.
- Click Next.
- Verify your choices.
- Click Finish. A message appears indicating the export was successful.
- Click OK.
- Close the Certificate dialog box. You will now need to import this certificate so your solution trusts the FlexNet Operations application.
Trusting a Certificate in a Java Environment
The Java programming language relies on the concept of a Java keystore to trust digital certificates. The creation and manipulation of these stores is done using a Java utility known as the keytool. You will use this utility to create a keystore that your Java solution can trust. Before continuing with the examples provided here for using the keytool utility, you may want to consider using Sun’s treatment of the keytool utility. A full description of this utility is provided at the following URL: http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.