cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FlexNet Operations Cloud - Digital Certificates

FlexNet Operations Cloud - Digital Certificates

This article explains how to install and configure digital certificates for use with the FlexNet Operations application based on your particular requirements and environment. This section contains the following topics:

  • Exporting a Digital Certificate
  • Trusting a Certificate in a Java Environment
  • Keeping SSL Certificate Information on Local License Servers in Sync with Certificate Updates in FlexNet Operations Cloud

Exporting a Digital Certificate

However you choose to integrate with FlexNet Operations using the API, you need to export the digital certificates from FlexNet Operations to communicate securely using SSL. You must first decide whether your solution will trust all digital certificates in the certificate chain, or only the root certificate authority. Different solutions require different trust strategies. You must identify how the certificates must be trusted for your solution.

The primary decision point in trusting the certificates for the Producer Portal is whether to trust all certificates in the chain. Many solutions are designed to trust all certificates under the root issuing authority. This is the preferred method and will allow your integration to continue to work after the certificate is renewed each year. Some customers choose to additionally trust the certificate from the Producer Portal to increase security. However, when the certificate is renewed on an annual basis, this requires you to take action to update the certificate store. With current SSL policy changes to require more secure connections and more frequent certificate renewals, this method is no longer valid.

FlexNet Operations UAT and Production server certificates are issued by a certificate authority. Therefore, if you are relying on trusting the root authority, you only need to export the certificate once. You can do this from either the UAT or Production environment. If you need both certificates in the chain, you must export three certificates:

  • The digital certificate
  • The FlexNet Operations UAT certificate
  • The FlexNet Operations Production certificate

The easiest way to export a digital certificate is to use a wizard provided with Microsoft’s Internet Explorer. (The instructions, below, export the UAT server certificate.)

To export a digital certificate:

  1. Open an Internet Explorer window and enter the following URL (For example: https://manageruat.flexnetoperations.com).
  2. Click the yellow padlock icon next to the address bar then click View Certificate. A window appears displaying the certificate.
  3. Select the Details tab.
  4. Click Copy to File. The Certificate Export Wizard appears.
  5. Click Next.
  6. Select the appropriate format of certificate distribution for your integration.
    Note: You must consult the documentation of your solution for this information. It is possible to export all the certificates in the path, depending on the formats your solution supports.
  7. Click Next.
  8. Select a file location for exporting the certificate. Name the file with a .cer extension. If you are doing this for a different certificate, name it appropriately.
  9. Click Next.
  10. Verify your choices.
  11. Click Finish. A message appears indicating the export was successful.
  12. Click OK.
  13. Close the Certificate dialog box. You will now need to import this certificate so your solution trusts the FlexNet Operations application.

Trusting a Certificate in a Java Environment

The Java programming language relies on the concept of a Java keystore to trust digital certificates. The creation and manipulation of these stores is done using a Java utility known as the keytool. You will use this utility to create a keystore that your Java solution can trust. Before continuing with the examples provided here for using the keytool utility, you may want to consider using Sun’s treatment of the keytool utility. A full description of this utility is provided at the following URL: http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.

Keeping SSL Certificate Information on Local License Servers in Sync with Certificate Updates in FlexNet Operations Cloud

The SSL certificate for FlexNet Operations Cloud is updated annually. Periodically the intermediate (about every 10 years) and root (about every 20 years) certificates are also updated. The FlexNet Embedded local license server relies on the intermediate and root certificate chain to communicate with FlexNet Operations Cloud. For information about keeping a local license server synchronized with future certificate updates in FlexNet Operations Cloud, see the following article:
Best Practice: Keeping SSL Certificate Information on Local License Servers Synchronized with FlexNet Operations Cloud

Labels (2)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Apr 27, 2022 10:12 AM
Updated by:
Contributors