If you do not choose to install Foglight in Secure Server mode, you can edit server.config after installation and manually configure Foglight to restrict the Management Server to use the HTTPS port when accessing the browser interface.
You must have a signed, valid certificate to use this HTTPS configuration. It is recommended that you obtain a valid certificate from a third party as outlined in Importing a network security certificate.
2 |
Open the file <foglight_home>/config/server.config on the Management Server machine. |
3 |
4 |
5 |
7 |
Launch the Foglight browser interface using the appropriate HTTPS URL (https://<hostname>:<https_port>) to ensure that the Management Server can be accessed using HTTPS. |
<foglight_home>/jre/bin/keytool
There are two keystores that Foglight uses:
• |
The built-in Tomcat™ keystore located at: <foglight_home>/config/tomcat.keystore (default password: nitrogen) |
• |
The Management Server keystore located at: <foglight_home>/jre/lib/security/cacerts (default password: changeit) |
1 |
Back up the existing tomcat key using the following command: |
2 |
3 |
Create a new key under the tomcat alias using the following command: |
5 |
Once you have the certificate signed, import it back to the tomcat.keystore using the following command: |
7 |
Covert tomcat.keystore from JKS format to FIPS-verified BCFKS format using the following command: |
NOTE: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format: openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out <keystorefile> -name tomcat -CAfile <cacertfile> -caname root |
1 |
Delete the existing tomcat certificate from the tomcat.keystore directory using the following command: |
4 |
On the Management Server, open the <foglight_home>/server/tomcat/server.xml file for editing. |
5 |
In the server.xml file, locate the following Connector element and add keyPass and keyAlias parameters at the end: |
You can configure the length of inactive Foglight browser interface sessions by changing the value of the parameter server.console.session.timeout. This parameter controls the length of time that Foglight waits before automatically logging you out of an idle browser interface session.
1 |
Stop the Management Server. Open the file <foglight_home>/config/server.config on the Management Server machine. Set the parameter server.console.session.timeout to the desired value in minutes. |
2 |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center