How does Fglam work with self-signed and 3rd party certificates?
What are the options that can be set for self-signed certificates?
self-signed SSL certificates:
- Foglight ships with a self-signed SSL certificate ('self' means Quest FMS' cert).
- Foglight Management Server can be configured to use an SSL certificate signed by a third-party CA (aka 3rd Party Certificate).
In this configuration the parameter remains at its default: ssl-allow-self-signed=false
How to modify the fglam.config.xml using the GUI Wizard on an existing FglAM installation:
1) Stop the FglAM.
2) Run %FglAM_HOME%\bin\fglam --configure
3) Click Edit URL on the Server URLs section of the wizard.
ssl-allow-self-signed=true
causes the Agent Manager to accept self-signed certificates from the Management Server
ssl-allow-self-signed=false
causes the Agent Manager to NOT accept self-signed certificates from the Management Server. This is the default setting when using 3rd party certificates (or no certificates at all).
- Another option that can be set with regard to self-signed certificates is "Allow a certificate with an unexpected common name". Selecting this check box causes the Agent Manager to accept a certificate with a common name (host name) different from the one reported by the Management Server. Specify the name in the Certificate Common Name box when installing or reconfiguring FglAM (fglam --configure).
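The following is an added example, not Foglight code: a simplified model of how the two options above combine, useful for working out which setting a given Management Server certificate would require. The function names, the subject == issuer test for "self-signed", the exact-match common name comparison and the sample certificates are all assumptions made for illustration.

```python
# Added example: models the two options described above; not Foglight code.
# Certificates use the dict shape returned by Python's ssl.SSLSocket.getpeercert().
# All sample certificates below are constructed.

def _name(rdns, key):
    """Return the first value for `key` in an X.509 name (tuple of RDNs)."""
    return next((v for rdn in rdns for k, v in rdn if k == key), None)

def would_accept(cert, server_host, allow_self_signed=False, cert_common_name=None):
    """Return (accepted, reason) for one Server URL entry.

    allow_self_signed -> ssl-allow-self-signed
    cert_common_name  -> the Certificate Common Name box (None = check box not selected)
    """
    # Assumption: self-signed is detected by subject == issuer; a real TLS
    # stack also verifies the signature and the chain to a trusted root.
    if cert["subject"] == cert["issuer"] and not allow_self_signed:
        return False, "self-signed certificate and ssl-allow-self-signed=false"
    expected = cert_common_name or server_host
    cn = _name(cert["subject"], "commonName")
    if cn is None or cn.lower() != expected.lower():
        return False, f"common name {cn!r} does not match {expected!r}"
    return True, "accepted"

def required_options(cert, server_host):
    """Smallest set of relaxations this certificate needs to be accepted."""
    cn = _name(cert["subject"], "commonName")
    matches = (cn or "").lower() == server_host.lower()
    return {
        "ssl-allow-self-signed": cert["subject"] == cert["issuer"],
        "Certificate Common Name": None if matches else cn,  # wizard box, not a config key
    }

def _cert(cn, issuer_cn):
    return {"subject": ((("commonName", cn),),), "issuer": ((("commonName", issuer_cn),),)}

SHIPPED = _cert("foglight-sample", "foglight-sample")    # constructed: self-signed
CA_SIGNED = _cert("fms.example.com", "Example Corp CA")  # constructed: CA-issued
CA_ALIAS = _cert("fms-internal", "Example Corp CA")      # constructed: CN differs from URL host

if __name__ == "__main__":
    for label, cert in [("shipped", SHIPPED), ("ca", CA_SIGNED), ("alias", CA_ALIAS)]:
        print(label, would_accept(cert, "fms.example.com"), required_options(cert, "fms.example.com"))
```

A CA-signed certificate whose common name matches the Server URL host needs neither option, which is why ssl-allow-self-signed can stay at false in the third-party certificate configuration.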
Also see
titled: "How to set Fglam to use https to communicate with FMS? How to set Fglam to use ssl certificates? How to set FMS https port number? How to set FMS to use only https to connect in to the FMS console? How to request / import a private certificate into FMS? Can private cert requests be a 2048 bit request or is 1024 bit the max? How to encrypt LDAP communications?"