How to generate a new self-signed certificate for the Foglight Management Server (4378707)

How to generate a new self-signed certificate for HTTPS connections to the Foglight Management Server?

Complete the steps below to generate a new self signed certificate; to use an externally signed certificate refer to What are the steps required to use an external signed certificate in the Foglight Management Server? (4254114).

1. Backup the existing $FMS_HOME/config/tomcat.keystore
2. Since Foglight already ships with a self-signed certificate, there is an existing keystore that was created when the certificate was created and needs to be deleted.

   $FMS_HOME/jre/bin/keytool -keystore $FMS_HOME/config/tomcat.keystore -storepass nitrogen -delete -alias tomcat

3. Create the self-signed certificate by generating a new key.

   $FMS_HOME/jre/bin/keytool -keystore $FMS_HOME/config/tomcat.keystore -storepass nitrogen -alias tomcat -keyalg RSA -keysize 2048 -genkeypair -validity [number of days] -dname "CN=[your_fmsserver_dns_name],OU=[your_organizational_unit_name],O=[your_organization_name],L=[your_city_name],ST=[your_state_name],C=[your_two-letter_country_code]" -ext SAN=dns:[your_fmsserver_dns_name],ip:[your_fmsserver_ip]

   Example:

   $FMS_HOME/jre/bin/keytool -keystore $FMS_HOME/config/tomcat.keystore -storepass nitrogen -alias tomcat -keyalg RSA -keysize 2048 -genkeypair -validity 730 -dname "CN=servername.domain.com,OU=IT,O=Your Company,L=Your City,ST=Your State,C=US" -ext SAN=dns:servername.domain.com

4. Restart the Foglight Management Server.
5. You should now have a self-signed certificate for use with your FMS. Please note that when using self-signed certificates with FglAM, you have to configure FglAM to allow self-signed certificates, otherwise connectivity will be lost.