Chat now with support
Chat mit Support

Foglight for Exchange 6.1.0 - Foglight for Office 365 User Guide

Getting started with Foglight for Office 365 Administering monitoring agents and collected data Monitoring your environment Foglight for Office 365 views

Managing certificates for FMS

Use the keytool utility shipped with Foglight to create, import, or export certificates. This utility can be found at: <foglight_home>\jre\bin\keytool.

There are two FMS running modes:
None-FIPS (Federal Information Processing Standards) mode
FIPS-compliant mode

Managing certificates for FMS in non-FIPS mode

The KeyStore Foglight used under non-FIPS mode is located at: <foglight_home>/jre/lib/security/cacerts (default password: changeit)

Add a certificate

Use the keytool command in FMS JRE located in <foglight>/jre/bin

keytool -import -trustcacerts -alias "<alias>" -file "<certificate path>" -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit
Validate the certificate and ensure the following:
It is not expired.
It is an X.509 format.
Change the following before executing the command:
<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.
<foglight_home>: The folder path where the Foglight is installed.
<certificate path>: Your custom certificate path.
List installed certificates

keytool -list -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit

Delete a certificate

Remove a certificate referred to by an alias.

keytool -delete -alias <alias> -keystore <foglight_home>/jre/lib/security/cacerts -storepass changeit

A full example for managing certificate for FMS in non-FIPS mode
Add example certificate into FMS Certificate Store in non-FIPS mode
C:\Quest\Foglight\jre\bin> .\keytool.exe -import -trustcacerts -alias fveqaca -file "C:\caca.cer" -keystore C:\Quest\Foglight\jre\lib\security\cacerts -storepass changeit
Owner: CN=CA, DC=ca, DC=local
Issuer: CN=CA, DC=ca, DC=local
Serial number: xxxxxxxxxxx
Valid from: Mon Jun 15 10:56:05 CST 2015 until: Mon Sep 23 14:58:03 CST 2047
Certificate fingerprints:
MD5: xxxx
SHA1: xxxx
SHA256: xxxx
.....
Trust this certificate? [no]: yes
Certificate was added to keystore

Managing certificates for FMS in FIPS-compliant mode

The KeyStore Foglight used in FIPS-compliant mode is located at: <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen)

Add a certificate in FIPS-compliant mode

Use the keytool command in FMS JRE located in <foglight>/jre/bin.

keytool -import -trustcacerts -alias "<alias>" -file "<certificate path>" -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen
Validate the certificate and ensure the following:
It is not expired.
It is an X.509 format.
Change the following before executing the command
<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.
<Foglight_home>: The folder path where Foglight is installed.
<certificate path>: Your custom certificate path.
List installed certificates

keytool -list -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

Prints out a list of certificates and the aliases that refer to them.

Refer to the example output below:

Keystore type: BCFKS
Keystore provider: BCFIPS
Your keystore contains 151 entries
camerfirmachambersignca [jdk], Dec 18, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C
entrust2048ca [jdk], Dec 18, 2019, trustedCertEntry
Delete a certificate

Remove a certificate referred to by an alias.

keytool -delete -alias <alias> -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

A full example for managing certificate for FMS in FIPS-compliant mode
Add example certificate into FMS certificate store in FIPS-compliant mode

C:\Quest\Foglight\jre\bin>keytool -import -trustcacerts -alias "Evolve-Test" -file "D:/Evolve-test.crt" -keystore "C:/Quest/Foglight/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "C:/Quest/Foglight/server/core/bc-fips.jar" -storepass nitrogen

Owner: CN=CA, DC=ca, DC=local

Issuer: CN=CA, DC=ca, DC=local

Serial number: xxxx

Valid from: Sun Jan 06 23:07:06 CST 2019 until: Wed Apr 06 23:07:06 CST 2022

Certificate fingerprints:

...

 

Extensions:

...

Trust this certificate? [no]: yes

Certificate was added to keystore

Monitoring your environment

The Monitoring tab of the Office 365 Environment dashboard displays a summary of the Exchange Online services and the ADFS services (Active Directory® Federation Services) being monitored and their current state. It show performance and availability metrics provided by the Microsoft® Exchange online (SaaS).

This section includes the following topic:
Accessing the Monitoring tab
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen