Chat now with support
Chat with Support

Foglight 6.3.0 - Installing Foglight on Windows with an External Microsoft SQL Server Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings HP patch checking tool Uninstalling Foglight Upgrading the Management Server Installing Foglight FAQ
Running the Management Server Installing and Upgrading Cartridges Installing Agents

Binding the Management Server to an IP address

To cause the Foglight Management Server to bind to a specific IP address, use the dedicated properties in the <foglight_home>\config\server.config file. For example:

server.bind.address = “";

server.remote.address = “";

Where is the host name assigned to the bind address in DNS. If no DNS name is available, a raw IP address can be used in this property.

Binding Foglight to a specific IP address can be used where, for example, the same IP address is to be used by multiple Management Server instances on a single host, each IP address delineating a virtual boundary between instances. In such situations, the Management Server will only listen for incoming TCP traffic on that specific IP address. By default, the Management Server listens to all IPv4 and IPv6 addresses.

Configuring Foglight to use stronger encryption


Foglight Management Server 5.6.3 and later includes unlimited strength security policies. In some cases, such as Credential Management, this encryption level may be insufficient. If 256‑bit (or higher) AES keys are necessary, use the following procedure to configure the Management Server to use stronger encryption.

Open the file <foglight_home>\config\server.config on the Management Server machine.
Set the java system property foglight.credentials.enc.key.size to 256 (or higher):
Save the server.config file.

Configuring Foglight to use the HTTPS port

If you do not choose to install Foglight in Secure Server mode, you can edit server.config after installation and manually configure Foglight to restrict the Management Server to use the HTTPS port when accessing the browser interface.

You must have a signed, valid certificate to use this HTTPS configuration. It is recommended that you obtain a valid certificate from a third party as outlined in Importing a network security certificate.

Open the file <foglight_home>\config\server.config on the Management Server machine.
Set the parameter server.console.httpsonly to true:
server.console.httpsonly = "true";
Save the server.config file.
Launch the Foglight browser interface using the appropriate HTTPS URL (https://<hostname>:<https_port>) to ensure that the Management Server can be accessed using HTTPS.

Importing a network security certificate

In order to set up the Foglight Management Server to use HTTPS, you must generate a key pair (security certificate) into the Foglight keystore. This security certificate allows the server to communicate through the HTTPS protocol. Delete the existing certificate shipped with Foglight before generating a new key pair. Use the keytool utility shipped with Foglight to create, import, and export certificates. This utility can be found at:


There are two keystores that Foglight uses:

The built-in Tomcat™ keystore located at:
<foglight_home>\config\tomcat.keystore (default password: nitrogen)
<foglight_home>\config\tomcat_fips.keystore (For FIPS compliance mode, default password: nitrogen)
The Management Server keystore located at:
<foglight_home>\jre\lib\security\cacerts (default password: changeit)
Back up the existing tomcat key using the following command:
cd <foglight_home>\config
cp tomcat.keystore <your_backup_key>
Delete the existing tomcat key from the tomcat.keystore directory using the following command:
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
Create a new key under the tomcat alias using the following command:
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity <number of days> -keyalg RSA -keysize 2048 -dname "CN=<your_fmsserver_dns_name>, OU=<your_organizational unit_name>, O=<your_organization_name>, L=<your_city_name>, ST=<your_state_name>, C=<your_two-letter_country_code>" -ext SAN=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip>
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -certreq -ext san=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip> -file <your_request_file.csr>
Once you have the certificate signed, import it back to the tomcat.keystore using the following command:
<foglight_home>\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -trustcacerts -import -file <your_converted_cerificate>
Covert tomcat.keystore from JKS format to FIPS-verified BCFKS format using the following command:
<foglight_home>\jre\bin\keytool -importkeystore -srckeystore tomcat.keystore -destkeystore tomcat_fips.keystore -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath <foglight_home>\server\core\bc-fips.jar
You will get a prompted message similar to the following:... is not trusted. Install reply anyway? [no]:
Type yes to install the new certificate.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating