Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

How to use wildcard certificates in Foglight? (4262502)

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

How to use wildcard certificates in Foglight?
Description

How to use wildcard certificates in Foglight?
Resolution
If this the first wildcard certificate, please follow this What are the steps required to use an external signed certificate in the Foglight Management Server?
If you already have a wildcard certificate and want use it in Foglight, here are the steps
1. Export wildcard certificate from other system to pfx format with password protection
2. Copy that file to the Foglight server $FGL_HOME\config
($FGL_HOME is directory where you installed Foglight Management Server)
3. Backup original tomcat.keystore
rename tomcat.keystor tomcat.keystore_orig
4. Open command prompt and go to C:\Quest\Foglight\config directory
5. Import wildcard certificate to tomcat.keystore
..\jre\bin\keytool -importkeystore -srckeystore pfx_file_from_step1.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype PKCS12 -deststorepass nitrogen -destkeypass nitrogen
6. Enter the pfx password
7. Find certificate alias name in keystore:
..\jre\bin\keytool --storepass nitrogen --keystore tomcat.keystore -list -v
8. Change server certificate alias to tomcat:
..\jre\bin\keytool -changealias -keystore tomcat.keystore -alias XXX-XXX-XXX-XXX-XXX -destalias tomcat
9. Restart Foglight Management Server or Foglight service.

Notes:
- Foglight only use Tomcat alias for HTTPS
- Tomcat alias (key) level password must set to nitrogen
- If you have Foglight HA (high availability), you need apply this to all FMS server
- keytool is utility from Java JRE and you may need use full path to run above command
- For windows, default install location is C:\Quest\Foglight
- For Linux, default install location is /home//Quest/Foglight
- For vAPP, default install localtion is /home/foglight/Quest/Foglight
- A wildcard certificate issued for *.yourdomain.com will not work for a second level subdomain such as *.sub.yourdomain.com; one issued for the subdomain or use of Subject Alternative Names may be required to prevent certificate errors in some clients (E.g.: NET::ERR_CERT_COMMON_NAME_INVALID).
Additional Information

If an externally generated jks file is being used execute the following steps: - Backup the tomcat.keystore - Replace the tomcat.keystore with the pkcs12 file (rename the jks file to tomcat.keystore) - Execute steps 5 - 9 above.

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Leave a Comment

Recommended Content

Product(s):: Foglight for Databases
6.1.0, 6.0.0, 5.9.7, 5.9.5, 5.9.4, 5.9.3, 5.9.2; Foglight Evolve
9.0; Foglight for Virtualization Enterprise Edition
8.9, 8.8.5, 8.8, 8.7.5, 8.7, 8.6, 8.5.5, 8.5, 8.4, 8.3, 8.2, 8.0.1; Foglight
6.1.0, 6.0.0, 5.9.8, 5.9.7, 5.9.5, 5.9.4, 5.9.3, 5.9.2, 5.7.5, 5.7.1, 5.6.11, 5.6.10, 5.6.7, 5.6.5, 5.6.4, 5.6.3

Topic(s):: How To, Configuration

Article History:: Created on: 3/24/2017
Last Update on: 5/7/2023

Search All Articles

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center