• United States (English)
• Brazil (Português)
• China (中文)
• France (Français)
• Germany (Deutsch)
• Italy (Italiano)
• Japan (日本語)
• Korea (한국어)
• Mexico (Español)

• Sign In
• Create Support Account

FREE TRIALS

• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Foglight Evolve 6.0.0
• Foglight Evolve 6.0.0 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

Foglight Evolve 6.0.0 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

Table of Contents  

Before Installing Foglight

What is Foglight? Hardware requirements and guidelines Planning your installation

Using the embedded database Licensing Installation modes

Console mode Silent mode

Installing Foglight

Preparing to install Installing a new version of the Management Server

Installing the Management Server - Standard Install option

Step 1: Introduction Step 2: Transaction Product Agreement Step 3: Select installation type Step 4: Installing Foglight Step 5: Foglight ports configuration Step 6: Foglight server startup Step 7: Install complete

Installing the Management Server - Custom Install option

Step 1: Introduction Step 2: Transaction Product Agreement Step 3: Select installation type Step 4: Choose installation folder Step 5: Choose link location Step 6: Pre-installation summary Step 7: Installing Foglight Step 8: Foglight administrator password Step 9: Foglight mode Step 10: FIPS Compliance mode Step 11: Foglight repository database type Step 12: Foglight ports configuration Step 13: Add Foglight license file Step 14: Add Foglight to system service Step 15: Foglight server startup Step 16: Install complete

Foglight Server Startup page Configuration about SQL Server Failover Next steps Embedded Agent Manager

Installed directories Foglight settings

Editing the server.config file Importing self-signed certificates to Foglight TrustStore

Non-FIPS mode FIPS-compliant mode

Setting up an encrypted LDAP connection with SSL Using encryption when sending email from Foglight Setting parameters for an embedded database

Specifying whether an embedded database is used Configuring the database start up and shut down grace periods Understanding the Password and Socket settings

Configuring ports Setting memory parameters for the server

Process heap use

Adding command-line options Binding the Management Server to an IP address Configuring Foglight to use stronger encryption Configuring Foglight to use the HTTPS port

Importing a network security certificate Importing a PKCS #12 (pfx) format certificate

Setting the length of Foglight sessions Configuring anti-virus exclusion settings

Uninstalling Foglight Upgrading the Management Server

Running the Management Server

Initializing the database Starting and stopping the Management Server

Starting the Management Server Stopping the Management Server

Logging in to Foglight

Monitoring the Management Server host Next steps

Running the Management Server FAQ

Installing and Upgrading Cartridges Installing Agents

Agent installers Remote agent installation

Appendix: Switching from an Embedded to an External Database

• Viewing Topics 45 - 48 of 80

×

Importing self-signed certificates to Foglight TrustStore

Foglight needs to verify self-signed certificates. It is necessary to configure the TrustStore properly for encrypted database/LDAP connection.

Non-FIPS mode

In non-FIPS mode, to be compatible with former Foglight versions, Foglight uses JRE TrustStore as the default TrustStore. The default TrustStore will NOT be preserved during Foglight upgrade. Foglight also support a separate TrustStore, which will be preserved during upgrade. Choose the one that best suits your needs:

Option 1: Import the certificate into the embedded JRE TrustStore, <foglight_home>/jre/lib/security/cacerts (default password: changeit), with the following command:

<foglight_home>/jre/bin/keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>/jre/lib/security/cacerts -storepass <store_pwd>

Option 2: Prepare and import the certificate into Foglight TrustStore with the following steps:

1	Prepare TrustStore: copy <foglight_home>/config/security/trust.keystore.sample to <foglight_home>/config/security/trust.keystore

2	Import the certificate into the Foglight TrustStore, <foglight_home>/config/security/trust.keystore (default password: nitrogen), with the following command:

<foglight_home>/jre/bin/keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>/config/security/trust.keystore -storepass <store_pwd>

FIPS-compliant mode

In FIPS-compliant mode, it is required to use FIPS-validated KeyStore type BCFKS.

Import the certificate into the Foglight default TrustStore in FIPS-compliant mode, <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen) with the following command:

<foglight_home>/jre/bin/keytool -import -trustcacerts -alias <alias_of_cert> - file <path_to_cert_file> -keystore <foglight_home>/config/security/trust.fips.keystore -deststoretype BCFKS - provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath <foglight_home>/server/core/bc-fips.jar -storepass <store_pwd>

Setting up an encrypted LDAP connection with SSL

Use the following instructions if you need to encrypt communication between the Management Server and the LDAP server.

To encrypt communication between Management Server and LDAP:

1	Acquire the LDAP server certificate in .pem format from the administrator.

2	Import the certificate into the Management Server keystore, see Importing self-signed certificates to Foglight TrustStore .

NOTE: In addition to the Root CA certificate, there may be one or more intermediate CA certificates. If so, make sure to import the Root CA certificate and all intermediate CA certificates in sequence.

3	On the navigation panel, under Dashboards, click Administration > Users & Security > Directory Services Settings.

4	Under LDAP Locations, click Edit.

5	Specify the LDAP server URL in the following format:

ldaps://ldap_server_host_name:636

 

NOTE: The port number for LDAP over SSL is usually 636. Confirm the exact port number with your LDAP server administrator.

6	Restart the Management Server.

•  Previous
• Viewing Topics 45 - 48 of 80
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating