Chat now with support
Chat with Support

Foglight 6.3.0 - Installing Foglight on Windows with an External Microsoft SQL Server Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings HP patch checking tool Uninstalling Foglight Upgrading the Management Server Installing Foglight FAQ
Running the Management Server Installing and Upgrading Cartridges Installing Agents

Importing self-signed certificates to Foglight TrustStore

Foglight needs to verify self-signed certificates. It is necessary to configure the TrustStore properly for encrypted database/LDAP connection.

Non-FIPS mode

In non-FIPS mode, to be compatible with former Foglight versions, Foglight uses JRE TrustStore as the default TrustStore. The default TrustStore will NOT be preserved during Foglight upgrade. Foglight also support a separate TrustStore, which will be preserved during upgrade. Choose the one that best suits your needs:

Option 1: Import the certificate into the embedded JRE TrustStore, <foglight_home>\jre\lib\security\cacerts (default password: changeit), with the following command:
<foglight_home>\jre\bin\keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>\jre\lib\security\cacerts -storepass <store_pwd>
Option 2: Prepare and import the certificate into Foglight TrustStore with the following steps:
1
Prepare TrustStore: copy <foglight_home>\config\security\trust.keystore.sample to <foglight_home>\config\security\trust.keystore
2
Import the certificate into the Foglight TrustStore, <foglight_home>\ config\security\trust.keystore (default password: nitrogen), with the following command:
<foglight_home>\jre\bin\keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>\config\security\trust.keystore -storepass <store_pwd>

FIPS-compliant mode

In FIPS-compliant mode, it is required to use FIPS-validated KeyStore type BCFKS.

Import the certificate into the Foglight default TrustStore in FIPS-compliant mode, <foglight_home>\config\security\trust.fips.keystore (default password: nitrogen) with the following command:
<foglight_home>\jre\bin\keytool -import -trustcacerts -alias <alias_of_cert> - file <path_to_cert_file> -keystore <foglight_home>\config\security\trust.fips.keystore -deststoretype BCFKS - provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath <foglight_home>\server\core\bc-fips.jar -storepass <store_pwd>

Setting up an encrypted database connection

The server.config file contains the optional parameter server.database.secureconn, which is used as part of the process of setting up an encrypted database connection for a MySQL® ,Oracle® and Microsoft® SQL Server® databases.

In Foglight FIPS-compliant mode,or when using encrypted database connections, it is required to import self-signed SQL Server certificates to Foglight TrustStore.. For more information, refer to Importing self-signed certificates to Foglight TrustStore .

For more detailed control over the database connection properties, the server.config file contains a server.database.url property that can be configured with the JDBC URL that should be used to connect to the Microsoft® SQL Server® database.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating