1. When we use the FlexNet License Administrator web portal, Administration -> Server Configuration -> Secure Web Server Configuration,we can replace the default HTTPS certificate and private key via this form.Are any other actions required such as restarting the License Server to make the new certificate and key active? Yes ,the license server has to be restarted ,ensure that the http/https ports and the licensing ports (required by lmadmin) and the vendor daemon ports are opened on the firewall, so that remote clients can checkout licenses and the HTTP clients/browsers can connect to the lmadmin web GUI. To set the port Set from UI—Specify for HTTPS Port (located under the Secure Web Server Configuration heading on the Server Configuration tab on the Administration page).Configures the TCP/IP port (five characters maximum) that the lmadmin web server uses to listen for HTTPS (HTTP-over- SSL) communication. If you change the port, you must stop and restart the license server.
2. Once the default key and certificate have been replaced, the customer wants to remove the default server.crt and server.key files from the system.Should this cause any issues? The server.key is used for https communication. we can change the location of RSA key and certificate file location by modifying the below configuration in file(conf\server.xml).
<webServer certificateFile="D:\Kits\server.crt" certificateKeyFile="D:\Kits\server.key" documentRoot="web" logRoot="logs" maxRequestSize="4" maxThreads="10" pageSize="20" port="8090" redirectHTTP="false" securePort="8095"> If you are using your own key and certificate file then you can safely remove server.key from the installation.
3. Do the customer supplied certificate and key files need to reside in the License Server folder or config subdirectory ,or is it possible to reference other locations for these files?
we can change the location of RSA key and certificate file location by modifying the below configuration infile(conf\server.xml). <webServer certificateFile="D:\Kits\server.crt" certificateKeyFile="D:\Kits\server.key" documentRoot="web" logRoot="logs" maxRequestSize="4" maxThreads="10" pageSize="20" port="8090" redirectHTTP="false" securePort="8095"> If you are using your own key and certificate file then you can safely remove server.key from the installation.These files have no impact on lmadmin functionality while importing from old to new.
4. Does the user have any need to manually edit XML files to perform a certificate change, or is all required editing performed by the FlexNet License Administrator web portal? server.xml will reflect the values chosen during installation.
User Accounts In examining the server.xml file, there are two user account already present in the original file included in the FNP download, one "admin" account and one "alerter" account. The "alerter" account is not visible throught the web page. 1.What is the purpose of this user account? This is just a default account and can be removed ,The correct approach would be to add the required admin users(using 'lmadmin -useradd') and remove the default users(like admin) using 'lmadmin -userdel' command instead of directly editing the Server.xml file.
2.Is it possible for the customer to change the password on this account? You can edit the users and password using the lmadmin command line options .Pleaes refer to section "Command-Line lmadmin Options for Installers" from the development environment guide and "lmadmin Command-line Arguments" in the fnp_licadmin guide . To view all available lmadmin options, run lmadmin -help from the command line
3.What capabilities do “admin.alerter” privileges grant? It is used for email alerter service.The 'local-alerter' account can be removed, provided if 'lmadmin Alerter Service' is not desired.It will not affect the 'lmadmin' Alert functionality. Please refer the "Creating an lmadmin Alerter Service" section in fnp_LicAdmin document
4. User account named “lmadmin” Is this a user account? If a user account, can it be disabled? All users ,password and roles can be modified as suggested above using the "lmadmin Command-line Arguments" in the fnp_licadmin guide