• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Foglight 5.9.5
• Foglight 5.9.5 - Installing Foglight on Windows with an External Microsoft SQL Server Database

Foglight 5.9.5 - Installing Foglight on Windows with an External Microsoft SQL Server Database

Table of Contents  

Before Installing Foglight

What is Foglight? Hardware requirements and guidelines Planning your installation

High Availability mode

Considerations for running the Management Server in HA mode

Using an external database Creating the database manually Licensing Installation modes

Console mode Silent mode

Installing Foglight

Preparing to install Installing a new version of the Management Server

Step 1: Introduction

Step 1: Introduction Step 2: Transaction Product Agreement Step 3: Select installation type Step 4: Choose installation folder Step 5: Choose shortcut location Step 6: Foglight service Step 7: Pre-installation summary Step 8: Installing Foglight Step 9: Foglight administrator password Step 10: Foglight mode Step 11: Foglight repository database type Step 12: Foglight ports configuration Step 13: Add Foglight license file Step 14: Add Foglight to system service Step 15: Foglight server startup Step 16: Install complete

Foglight Server Startup page Configuration about SQL Server Failover Next steps Embedded Agent Manager

Installed directories Foglight settings

Editing the server.config file Enabling High Availability mode after installation Changing external database credentials Setting up an encrypted database connection Setting up an encrypted LDAP connection with SSL Using encryption when sending email from Foglight Configuring ports Configuring the cluster multicast port used in High Availability mode Setting up Foglight server federation Setting memory parameters for the server

Process heap use

Adding command-line options Binding the Management Server to an IP address Configuring Foglight to use stronger encryption Configuring Foglight to use the HTTPS port

Importing a network security certificate Importing a PKCS #12 (pfx) format certificate

Setting the length of Foglight sessions

HP patch checking tool Uninstalling Foglight Upgrading the Management Server Installing Foglight FAQ

Running the Management Server

Manual database configuration

Option 1 - Run the Foglight database tool to configure the database Option 2 - Run SQL scripts to configure the database

Initializing the database Starting and stopping the Management Server

Starting the Management Server Running the Management Server as a Windows service

Using the Start Menu options Using the command line

Stopping the Management Server Starting and stopping the Management Server in High Availability mode

Logging in to Foglight

Monitoring the Management Server host Next steps

Running the Management Server FAQ

Installing and Upgrading Cartridges Installing Agents

Agent installers Remote agent installation

• Viewing Topics 53 - 56 of 80
•  Previous
• Next 

×

Configuring Foglight to use the HTTPS port

If you do not choose to install Foglight in Secure Server mode, you can edit server.config after installation and manually configure Foglight to restrict the Management Server to use the HTTPS port when accessing the browser interface.

You must have a signed, valid certificate to use this HTTPS configuration. It is recommended that you obtain a valid certificate from a third party as outlined in Importing a network security certificate.

To configure the Management Server to use the HTTPS port:

1	Stop the Management Server.

2	Open the file <foglight_home>\config\server.config on the Management Server machine.

3	Set the parameter server.console.httpsonly to true:

server.console.httpsonly = "true";

4	Save the server.config file.

5	Import the signed certificate into the Foglight keystore. See Importing a network security certificate for instructions.

6	Restart the Management Server.

7	Launch the Foglight browser interface using the appropriate HTTPS URL (https://<hostname>:<https_port>) to ensure that the Management Server can be accessed using HTTPS.

 

NOTE: The Foglight Management Server uses the HTTP port for local access even if you are accessing the browser interface through an HTTPS connection. If that is the case, both ports are open: the HTTPS port for external requests coming from the browser interface and the HTTP port for local requests. For example, the reporting service accesses the Foglight Management Server through the HTTP port while external requests use HTTPS. You must configure your firewall or network security applications to allow both ports to remain open.

Importing a network security certificate

In order to set up the Foglight Management Server to use HTTPS, you must generate a key pair (security certificate) into the Foglight keystore. This security certificate allows the server to communicate through the HTTPS protocol. Delete the existing certificate shipped with Foglight before generating a new key pair. Use the keytool utility shipped with Foglight to create, import, and export certificates. This utility can be found at:

<foglight_home>\jre\bin\keytool.exe

There are two keystores that Foglight uses:

•	The built-in Tomcat™ keystore located at: <foglight_home>\config\tomcat.keystore (default password: nitrogen)

•	The Management Server keystore located at: <foglight_home>\jre\lib\security\cacerts (default password: changeit)

To import a certificate:

1	Back up the existing tomcat key using the following command:

cd <foglight_home>\config
cp tomcat.keystore <your_backup_key>

2	Delete the existing tomcat key from the tomcat.keystore directory using the following command:

<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete

3	Create a new key under the tomcat alias using the following command:

<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity <number of days> -keyalg RSA -keysize 2048 -dname "CN=<your_fmsserver_dns_name>, OU=<your_organizational unit_name>, O=<your_organization_name>, L=<your_city_name>, ST=<your_state_name>, C=<your_two-letter_country_code>" -ext SAN=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip>

4	Generate a Certificate Signing Request (CSR) using the following command:

<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -certreq -ext san=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip> -file <your_request_file.csr>

This file must be signed by Certification Authority (CA).

5	Once you have the certificate signed, import it back to the tomcat.keystore using the following command:

<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -trustcacerts -import -file <your_converted_cerificate>

You will get a prompted message similar to the following:... is not trusted. Install reply anyway? [no]:

Type yes to install the new certificate.

The following is an example of commands for importing a certificate.

cd <foglight_home>/config
cp tomcat.keystore tomcat.keystore.backup
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity 730 -keyalg RSA -keysize 2048 -dname "CN=fms.quest.com, OU=Foglight, O=Quest, L=Aliso Viejo, ST=CA, C=US" -ext SAN=dns:fms.quest.com,ip:192.168.1.1
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity 730 -certreq -ext san=dns:fms.quest.com,ip:192.168.1.1 -file san.p7b
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity 730 -trustcacerts -import -file san.p7b

Importing a PKCS #12 (pfx) format certificate

If you have an existing SSL certificate and you want to use this certificate in Tomcat, follow the steps below to import this SSL certificate.

NOTE: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format: openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out <keystorefile> -name tomcat -CAfile <cacertfile> -caname root

To import a certificate in Tomcat:

1	Delete the existing tomcat certificate from the tomcat.keystore directory using the following command:

<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete

2	Obtain the certificate’s alias name from the certificate PFX file using the following command:

<foglight_home>\jre\bin\keytool -keystore <your certificate pfx file> -storepass <certificate pfx password> -list -v

The following is an example of command output. The value of Alias name is required in step 3.

Your keystore contains 1 entry

Alias name: tq-294043e3-fd9d-42ee-a596-0217c7d6d5f8

Creation date: May 8, 2020

Entry type: PrivateKeyEntry

3	Merge the Tomcat keystore and the PKCS12 keystore using the following command:

<foglight_home>\jre\bin\keytool -importkeystore -destkeystore tomcat.keystore -deststorepass nitrogen -destalias tomcat -srckeystore <your certificate pfx file> -srcstorepass <certificate pfx password> -srcstoretype pkcs12 -srcalias <alias name in step 2>

4	On the Management Server, open the <foglight_home>/server/tomcat/server.xml file for editing.

5	In the server.xml file, locate the following Connector element and add keyPass and keyAlias parameters at the end:

<Connector executor="tomcatThreadPool" maxHttpHeaderSize="8192" URIEncoding="UTF-8" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" keystoreFile="../../config/tomcat.keystore" keystorePass="q171ede14ed29f0c1ee9dc65f698d8e6d" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" bindOnInit="false" maxThreads="900" keyPass="<certificate pfx password>" keyAlias="tomcat"/>

Setting the length of Foglight sessions

 

NOTE: This section applies only to Foglight Evolve.

You can configure the length of inactive Foglight browser interface sessions by changing the value of the parameter server.console.session.timeout. This parameter controls the length of time that Foglight waits before automatically logging you out of an idle browser interface session.

To change the Foglight session time-out setting:

1	Stop the Management Server. Open the file <foglight_home>\config\server.config on the Management Server machine. Set the parameter server.console.session.timeout to the desired value in minutes.

The default value is 60 minutes. If you set the value to less than or equal to 0, or greater than 30000000, Foglight never logs you out of the browser interface, regardless of how long the session has been inactive.

For example, to increase the time-out to 2 hours (120 minutes), you would set this parameter as follows:

server.console.session.timeout = "120";

2	Save the server.config file.

3	Restart the Management Server.

•  Previous
• Viewing Topics 53 - 56 of 80
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center