Chat now with support
Chat with Support

Foglight Hybrid Cloud Manager 1.9 - User Guide (for Google environments)

Managing certificates for FMS in FIPS-compliant mode

Use the keytool utility shipped with Foglight to create, import, or export certificates. This utility can be found at: <foglight_home>\jre\bin\keytool.

The KeyStore Foglight used in FIPS-compliant mode is located at: <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen)

Add a certificate in FIPS-compliant mode

Use the keytool command in FMS JRE located in <foglight>/jre/bin.

keytool -import -trustcacerts -alias "<alias>" -file "<certificate path>" -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

<alias>: The alias is required and is used in the list and delete operations to refer to the certificate. It can be anything.
<Foglight_home>: The folder path where Foglight is installed.
<certificate path>: Your custom certificate path.

List installed certificates

keytool -list -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

Prints out a list of certificates and the aliases that refer to them.

Refer to the example output below:

Remove a certificate referred to by an alias.

keytool -delete -alias <alias> -keystore "<Foglight_home>/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "<Foglight_home>/server/core/bc-fips.jar" -storepass nitrogen

A full example for managing certificate for FMS in FIPS-compliant mode

C:\Quest\Foglight\jre\bin>keytool -import -trustcacerts -alias "Evolve-Test" -file "D:/Evolve-test.crt" -keystore "C:/Quest/Foglight/config/security/trust.fips.keystore" -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath "C:/Quest/Foglight/server/core/bc-fips.jar" -storepass nitrogen

Owner: CN=CA, DC=ca, DC=local

Issuer: CN=CA, DC=ca, DC=local

Serial number: xxxx

Valid from: Sun Jan 06 23:07:06 CST 2019 until: Wed Apr 06 23:07:06 CST 2022

Certificate fingerprints:

...

 

Extensions:

...

Trust this certificate? [no]: yes

Certificate was added to keystore

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating