This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to configure Flexnet Operations On-Premises with SSL

How to configure Flexnet Operations On-Premises with SSL

Summary

This article will explain how to create a keystore that can be used with Flexnet Operations to enable SSL.

Synopsis

In order to create a keystore it is assumed that you have created the PFX file. The steps below will explain how to import the PFX file into the keystore for FlexNet Operations On-Premises.

 

Discussion

Steps to create the keystore for Flexnet Operations

1. First step is to import the given PFX file (PKCS format) into the keystore that will be used by the FNO application.

Note: Keytool.exe manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates and is part of the Java installation. Please refer to the article below for more information on this....

https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

keytool.exe -importkeystore -srckeystore ServerCertificate.pfx -srcstoretype pkcs12 -srcstorepass <password> -destkeystore FlexeraKeyStore.jks -deststoretype JKS

The following output should be displayed:
  • Enter destination keystore password:
  • Re-enter new password:
  • Entry for alias le-0a9b7c02-2830-41bb-b46e-43ee80646aac successfully imported.
  • Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
2. The next step is to isolate the certificate chain used to validate the certificate and put this into the truststore. You could use a separate truststore or add the certificate to the JDK's keystore. The second approach is more preferable, so this is what is used below.
  • Convert the PFX file to PEM format and make sure we transport the certificates into the PEM file
Note: OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Please refer to the article below for more information and how to download....

https://www.openssl.org/source/
  • openssl pkcs12 -in ServerCertificate.pfx -out Keystore.pem -nodes
  • Enter Import Password:
  • MAC verified OK
3. The next step is to convert this PEM file to X509 format.
  • openssl x509 -outform der -in Keystore.pem -out flexera.der
4. The final step is to import this X509 certificate into the JDK's keystore.
  • keytool.exe -import -alias flexera-alias -keystore "C:\cacert\FlexeraKeystore.jks" -file flexera.der
  • Enter keystore password:
  • Trust this certificate? [no]: yes
  • Certificate was added to keystore
Steps to configure Flexnet Operations to use the created keystore
  • Go to flexnet-setup: e.g. http://localhost:4321/flexnetsetup
  • Stop FNO server
  • Undeploy FNO and all applications
  • Go to FNO_HOME\components\wildfly\standalone\logs and clean up the logs (This step will be beneficial later)
  • Go to the 'Advanced' tab
  • Change the keystore to the location of the keystore, e.g. "C:\certs\FlexeraKeyStore.jks"
  • Add the password assigned to the keystore.
  • Save the configuration
  • Deploy FNO.
  • Start server
Once the server is up, look at the server.log to find out if there are any key specific errors.
Was this article helpful? Yes No
No ratings
Comments
jhurder
‎May 16, 2019 09:15 AM
‎May 16, 2019 09:15 AM
In Step 4, the -keystore parameter is specified as "C:/cacert" with no filename...was this intended to be FlexeraKeystore.jks?
jmcmillan
Revenera
‎May 30, 2019 10:51 AM
‎May 30, 2019 10:51 AM

Dear @jhurder,

You are correct, this should state "C:\cacert\FlexeraKeystore.jks". 

Thanks for pointing this out. 

Kind regards,
Joe

 

 

jhurder
‎May 30, 2019 12:49 PM
‎May 30, 2019 12:49 PM
Thanks Joe - I did this and it seems to work correctly. The only other edit I think might be in order is that when you import the .der file into the .jks, keytool will warn you that the certificate already exists in the store and to confirm that you want to overwrite it. I did overwrite the cert and seems to work correctly. Thanks for your post, it was extremely helpful for this native .NET/Windows admin to enable HTTPS on my FNO instance.
Version history
Last update:
‎Jun 18, 2024 12:07 PM
Updated by:
Revenera
Contributors