Chat now with support
Chat with Support

Foglight for Virtualization Enterprise Edition 8.9.3 - Installing Foglight on Windows with an External Oracle Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings HP patch checking tool Uninstalling Foglight Upgrading the Management Server Installing Foglight FAQ
Running the Management Server Installing and Upgrading Cartridges Installing Agents

Importing a network security certificate

In order to set up the Foglight Management Server to use HTTPS, you must generate a key pair (security certificate) into the Foglight keystore. This security certificate allows the server to communicate through the HTTPS protocol. Delete the existing certificate shipped with Foglight before generating a new key pair. Use the keytool utility shipped with Foglight to create, import, and export certificates. This utility can be found at:

<foglight_home>\jre\bin\keytool.exe

There are two keystores that Foglight uses:

The built-in Tomcat™ keystore located at:
<foglight_home>\config\tomcat.keystore (default password: nitrogen)
<foglight_home>\config\tomcat_fips.keystore (For FIPS compliance mode, default password: nitrogen)
The Management Server keystore located at:
<foglight_home>\jre\lib\security\cacerts (default password: changeit)
1
Back up the existing tomcat key using the following command:
cd <foglight_home>\config
cp tomcat.keystore <your_backup_key>
2
Delete the existing tomcat key from the tomcat.keystore directory using the following command:
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
3
Create a new key under the tomcat alias using the following command:
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity <number of days> -keyalg RSA -keysize 2048 -dname "CN=<your_fmsserver_dns_name>, OU=<your_organizational unit_name>, O=<your_organization_name>, L=<your_city_name>, ST=<your_state_name>, C=<your_two-letter_country_code>" -ext SAN=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip>
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -certreq -ext san=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip> -file <your_request_file.csr>
5
Once you have the certificate signed, import it back to the tomcat.keystore using the following command:
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -trustcacerts -import -file <your_converted_cerificate>
7
Covert tomcat.keystore from JKS format to FIPS-verified BCFKS format using the following command:
<foglight_home>\jre\bin\keytool -importkeystore -srckeystore tomcat.keystore -destkeystore tomcat_fips.keystore -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath <foglight_home>\server\core\bc-fips.jar
You will get a prompted message similar to the following:... is not trusted. Install reply anyway? [no]:
Type yes to install the new certificate.

Importing a PKCS #12 (pfx) format certificate

If you have an existing SSL certificate and you want to use this certificate in Tomcat, follow the steps below to import this SSL certificate.

NOTE: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format:
openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out <keystorefile> -name tomcat -CAfile <cacertfile> -caname root
1
Delete the existing tomcat certificate from the tomcat.keystore directory using the following command:
4
On the Management Server, open the <foglight_home>/server/tomcat/server.xml file for editing.
5
In the server.xml file, locate the following Connector element and add keyPass and keyAlias parameters at the end:

Setting the length of Foglight sessions

You can configure the length of inactive Foglight browser interface sessions by changing the value of the parameter server.console.session.timeout. This parameter controls the length of time that Foglight waits before automatically logging you out of an idle browser interface session.

1
Stop the Management Server. Open the file <foglight_home>\config\server.config on the Management Server machine. Set the parameter server.console.session.timeout to the desired value in minutes.
The default value is 60 minutes. If you set the value to less than or equal to 0, or greater than 30000000, Foglight never logs you out of the browser interface, regardless of how long the session has been inactive.
2
Save the server.config file.

HP patch checking tool

If your external database is installed on an HP-UX server, HP provides a tool for ensuring that all the patches required to run Java® on HP-UX are installed.

The tool is available from:

http://www.hp.com/go/java

To use the tool, issue the following command:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating