If this the first wildcard certificate, please follow this What are the steps required to use an external signed certificate in the Foglight Management Server?
If you already have a wildcard certificate and want use it in Foglight, here are the steps
1. Export wildcard certificate from other system to pfx format with password protection
2. Copy that file to the Foglight server $FGL_HOME\config
($FGL_HOME is directory where you installed Foglight Management Server)
3. Backup original tomcat.keystore
rename tomcat.keystor tomcat.keystore_orig
4. Open command prompt and go to C:\Quest\Foglight\config directory
5. Import wildcard certificate to tomcat.keystore
..\jre\bin\keytool -importkeystore -srckeystore pfx_file_from_step1.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype PKCS12 -deststorepass nitrogen -destkeypass nitrogen
6. Enter the pfx password
7. Find certificate alias name in keystore:
..\jre\bin\keytool --storepass nitrogen --keystore tomcat.keystore -list -v
8. Change server certificate alias to tomcat:
..\jre\bin\keytool -changealias -keystore tomcat.keystore -alias XXX-XXX-XXX-XXX-XXX -destalias tomcat
9. Restart Foglight Management Server or Foglight service.
- Foglight only use Tomcat alias for HTTPS
- Tomcat alias (key) level password must set to nitrogen
- If you have Foglight HA (high availability), you need apply this to all FMS server
- keytool is utility from Java JRE and you may need use full path to run above command
- For windows, default install location is C:\Quest\Foglight
- For Linux, default install location is /home//Quest/Foglight
- For vAPP, default install localtion is /home/foglight/Quest/Foglight
- A wildcard certificate issued for *.yourdomain.com will not work for a second level subdomain such as *.sub.yourdomain.com; one issued for the subdomain or use of Subject Alternative Names may be required to prevent certificate errors in some clients (E.g.: NET::ERR_CERT_COMMON_NAME_INVALID).