Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Foglight Hybrid Cloud Manager 6.0.0 - User Guide (for Google environments)

Managing certificates for FMS in FIPS-compliant mode

Use the keytool utility shipped with Foglight to create, import, or export certificates. This utility can be found at: <foglight_home>\jre\bin\keytool.

The KeyStore Foglight used in FIPS-compliant mode is located at: <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen)

Add a certificate in FIPS-compliant mode

Use the keytool command in FMS JRE located in <foglight>/jre/bin.

keytool -import -trustcacerts -alias "<alias>" -file "<certificate path>" -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen
Validate the certificate and ensure the following:
It is not expired.
It is an X.509 format.
Change the following before executing the command
<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.
<Foglight_home>: The folder path where Foglight is installed.
<certificate path>: Your custom certificate path.

List installed certificates

keytool -list -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

Prints out a list of certificates and the aliases that refer to them.

Refer to the example output below:

Keystore type: BCFKS
Keystore provider: BCFIPS
Your keystore contains 151 entries
camerfirmachambersignca [jdk], Dec 18, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C
entrust2048ca [jdk], Dec 18, 2019, trustedCertEntry
Delete a certificate

Remove a certificate referred to by an alias.

keytool -delete -alias <alias> -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

A full example for managing certificate for FMS in FIPS-compliant mode

Add example certificate into FMS certificate store in FIPS-compliant mode

C:\Quest\Foglight\jre\bin>keytool -import -trustcacerts -alias "Evolve-Test" -file "D:/Evolve-test.crt" -keystore "C:/Quest/Foglight/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "C:/Quest/Foglight/server/core/bc-fips.jar" -storepass nitrogen

Owner: CN=CA, DC=ca, DC=local

Issuer: CN=CA, DC=ca, DC=local

Serial number: xxxx

Valid from: Sun Jan 06 23:07:06 CST 2019 until: Wed Apr 06 23:07:06 CST 2022

Certificate fingerprints:

...

 

Extensions:

...

Trust this certificate? [no]: yes

Certificate was added to keystore

 

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation