-
标题
How to configure the Foglight Management Server and Agent Manager to use https/SSL certificates/encryption? -
说明
How to set Foglight Agent Manager (FglAM) to use https to communicate with Foglight Management Server (FMS)?
How to set FglAM to use SSL certificates?
How to set FMS https port number?
How to set FMS to use only https to connect to the FMS console?
How to request / import a private certificates into FMS?
Can private certificate requests be a 2048 bit request or is 1024 bit the maximum?
How to encrypt LDAP communications?
-
解决办法
How to set FglAM to use HTTPS to communicate with FMS?
- Go to Foglight Documentation webpage
- By default the latest product version is selected. If you use an older product version, select that one from the drop down field "Latest Product Module/Version". If the version is not available from the drop down field, it means the product is out of support.
- Now filter by module "Foglight Agent Manager" from the drop down field "Or Filter by Module"
- Open the Agent Manager Guide
- Refer to section "Configuring the Agent Manager | Configuring the Agent Manager from the command line" which lists the command:
\bin\fglam.exe --configure
That command is used to reconfigure the FglAM (for example to change it to use https to connect to FMS).
How to set FglAM to use SSL certificates?
- Go to Foglight Documentation webpage
- By default the latest product version is selected. If you use an older product version, select that one from the drop down field "Latest Product Module/Version". If the version is not available from the drop down field, it means the product is out of support.
- Now filter by module "Foglight Agent Manager" from the drop down field "Or Filter by Module"
- Open the Agent Manager Guide
- Refer to section "Configuring the Agent Manager | Configuring the Foglight Agent Manager to Use SSL Certificates"
How to set FMS HTTPS port number?
FMS is going to accept connections from both: HTTP and HTTPS clients.
To configure the port numbers open the file:
- /$FMS_HOME/config/server.config
Find the parameters below and adjust is accordingly:
- server.http.port = "8080";
- server.https.port = "8443";
Note: the FMS must be restarted to invoke changes made to the server.config file.
How to set FMS to use only HTTPS to connect in to the FMS console (no HTTP)?
To configure the console connection to only use https open the file:
- /$FMS_HOME/config/server.config
Find the parameter below and set it to true:
- server.console.httpsonly = "true";
Note: the FMS must be restarted to invoke changes made to the server.config file.
How to request/import a private certificate into FMS?
Go to Importing a network security certificate. If ports used by the FMS configuration are required, locate the Foglight Installation and Setup Guide for the specific operating system/database.
Example: Foglight_Install_UNIXEmbeddedMySQL.pdfCan private cert requests be a 2048 bit request or is 1024 bit the max?
Used is the JBoss/Tomcat Server and the standard JSSE Ciphers. The key generated or stored in the keystore, can have 1024 or 2048 key length
While 1024 is standard, use the following parameter to increase the key size:
--keysize 2048Note: If the DSA algorithm is used then the --keysize limitation is between 512-1024. If the RSA algorithm is used then the --keysize limitation is between 512-65536
How to encrypt LDAP communications?
Refer to Can the FMS connect to LDAP using secure encrypted communications (secure LDAP port 636)? (54616)
-
其他信息
Also relevant:
Title: How does FglAM work with self-signed and 3rd party certificates? What are the options that can be set for self-signed certificates?