지금 지원 담당자와 채팅
지원 담당자와 채팅

Foglight Evolve 9.2 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings Uninstalling Foglight Upgrading the Management Server
Running the Management Server Installing and Upgrading Cartridges Installing Agents Appendix: Switching from an Embedded to an External Database

Importing self-signed certificates to Foglight TrustStore

Foglight needs to verify self-signed certificates. It is necessary to configure the TrustStore properly for encrypted database/LDAP connection.

Non-FIPS mode

In non-FIPS mode, to be compatible with former Foglight versions, Foglight uses JRE TrustStore as the default TrustStore. The default TrustStore will NOT be preserved during Foglight upgrade. Foglight also support a separate TrustStore, which will be preserved during upgrade. Choose the one that best suits your needs:

Option 1: Import the certificate into the embedded JRE TrustStore, <foglight_home>/jre/lib/security/cacerts (default password: changeit), with the following command:
<foglight_home>/jre/bin/keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>/jre/lib/security/cacerts -storepass <store_pwd>
Option 2: Prepare and import the certificate into Foglight TrustStore with the following steps:
1
Prepare TrustStore: copy <foglight_home>/config/security/trust.keystore.sample to <foglight_home>/config/security/trust.keystore
2
Import the certificate into the Foglight TrustStore, <foglight_home>/config/security/trust.keystore (default password: nitrogen), with the following command:
<foglight_home>/jre/bin/keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>/config/security/trust.keystore -storepass <store_pwd>

FIPS-compliant mode

In FIPS-compliant mode, it is required to use FIPS-validated KeyStore type BCFKS.

Import the certificate into the Foglight default TrustStore in FIPS-compliant mode, <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen) with the following command:
<foglight_home>/jre/bin/keytool -import -trustcacerts -alias <alias_of_cert> - file <path_to_cert_file> -keystore <foglight_home>/config/security/trust.fips.keystore -deststoretype BCFKS - provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath <foglight_home>/server/core/bc-fips.jar -storepass <store_pwd>

Setting up an encrypted LDAP connection with SSL

Use the following instructions if you need to encrypt communication between the Management Server and the LDAP server.

To encrypt communication between Management Server and LDAP:
1
Acquire the LDAP server certificate in .pem format from the administrator.
2
Import the certificate into the Management Server keystore, see Importing self-signed certificates to Foglight TrustStore .
* 
NOTE: In addition to the Root CA certificate, there may be one or more intermediate CA certificates. If so, make sure to import the Root CA certificate and all intermediate CA certificates in sequence.
3
On the navigation panel, under Dashboards, click Administration > Users & Security > Directory Services Settings.
4
Under LDAP Locations, click Edit.
5
Specify the LDAP server URL in the following format:
ldaps://ldap_server_host_name:636
 
* 
NOTE: The port number for LDAP over SSL is usually 636. Confirm the exact port number with your LDAP server administrator.
6
Restart the Management Server.
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택