Chat now with support
Chat with Support

Foglight 5.9.5 - Installing Foglight on a UNIX System with an External MySQL Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings HP patch checking tool Uninstalling Foglight Upgrading the Management Server Installing Foglight FAQ
Running the Management Server Installing and Upgrading Cartridges Installing Agents

Setting up an encrypted database connection with SSL

Setting up an encrypted database connection with SSL

The following procedure outlines how to set up a secure external MySQL® database connection and verify that the MySQL® Server supports SSL encryption.

 
* 
NOTE: This procedure must be performed after installation but before you start the Management Server.
To set up an encrypted external MySQL database connection with SSL:
1
Import a CA certificate into the Management Server keystore (cacerts) as outlined in Importing a network security certificate.
2
Update the MySQL configuration file (my.ini) with the new security certificate and key information by adding the following properties:
ssl-ca=<cacert.pem>
ssl-cert=<server-cert.pem>
ssl-key=<server-key.pem>
3
Uncomment and set the server.database.secureconn attribute in the server.config file to true, as shown below.
server.database.secureconn = "true";
 
* 
NOTE: Do not enable this option until the database server’s CA certificate is properly imported into <foglight_home>/jre/lib/security/cacerts.
4
Start the database.
5
Start the Management Server.
To verify whether the MySQL Server (mysqld) supports SSL connections:
1
Ensure that the MySQL Server (mysqld program) for your Foglight database is running.
2
Login to mysql:
mysql --host <hostname> –port=<mysql_db_port_number> –user=<mysql_user> --password=<mysql_user_passwword>
3
At the mysql prompt, run the following query:
show variables like 'have_ssl'
4
The output shows the variable have_ssl with a value of either YES or DISABLED.
If the value is YES, the MySQL® Server supports SSL connections. If the value is DISABLED, the MySQL Server supports SSL connections but was not started with the appropriate SSL command options (-ssl-<option_name>=<value>). See the MySQL documentation for more information about these options.

Setting up an encrypted LDAP connection with SSL

Use the following instructions if you need to encrypt communication between the Management Server and the LDAP server.

To encrypt communication between Management Server and LDAP:
1
Acquire the LDAP server certificate in .pem format from the administrator.
2
Import the certificate into the Management Server keystore, <foglight_home>/jre/lib/security/cacerts (default password: changeit), with the following command:
<foglight_home>/jre/bin/keytool -J-server ‑import ‑file <path_to_cert_file> ‑alias ldapsvrcert ‑keystore <path_to_cacerts> ‑storepass <store_pwd>
 
* 
NOTE: If you do not specify the password using the ‑storepass option, keytool prompts you to supply it.
NOTE: In addition to the Root CA certificate, there may be one or more intermediate CA certificates. If so, make sure to import the Root CA certificate and all intermediate CA certificates in sequence.
The following are the examples of command for importing Root CA and intermediate CA certificates:
Root CA certificate: <foglight_home>\jre\bin\keytool -import -trustcacerts -alias ldapsvrcert -keystore <path_to_cacerts> -storepass changeit -file <path_to_cert_file>
Intermediate CA certificate 1: <foglight_home>\jre\bin\keytool -import -alias ldapsvrcert2 -keystore <path_to_cacerts> -storepass changeit -file <path_to_cert_file>
Intermediate CA certificate 2: <foglight_home>\jre\bin\keytool -import -alias ldapsvrcert3 -keystore <path_to_cacerts> -storepass changeit -file <path_to_cert_file>
3
On the navigation panel, under Dashboards, click Administration > Users & Security > Directory Services Settings.
4
Under LDAP Locations, click Edit.
5
Specify the LDAP server URL in the following format:
ldaps://ldap_server_host_name:636
 
* 
NOTE: The port number for LDAP over SSL is usually 636. Confirm the exact port number with your LDAP server administrator.
6
Restart the Management Server.

Using encryption when sending email from Foglight

You can use encryption when sending email from Foglight. To do so, you must enable Foglight to use the SSL protocol and configure the mail server used by Foglight to use an SSL certificate that is not self-signed.

You can configure Foglight to use the SSL protocol either on the Email Configuration Dashboard or by editing the related mail.use.ssl registry variable. See the Administration and Configuration Help for more information.

See the documentation for your mail server for information about configuring it to use an SSL certificate.

Configuring ports

You can set a number of different ports using the file <foglight_home>/config/server.config, including mandatory ports required for Foglight to run.

For a list of these ports, their default values, and the configuration parameters you can use to set them in server.config, see the Administration and Configuration Help.

 
* 
NOTE: In certain configurations the Management Server may use ports in addition to the ones that you set using server.config; for example, when Foglight is running in High Availability (HA) mode. See the Administration and Configuration Guide for details.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating