立即与支持人员聊天
与支持团队交流

Foglight 6.0.0 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings Uninstalling Foglight Upgrading the Management Server
Running the Management Server Installing and Upgrading Cartridges Installing Agents Appendix: Switching from an Embedded to an External Database

Importing self-signed certificates to Foglight TrustStore

Foglight needs to verify self-signed certificates. It is necessary to configure the TrustStore properly for encrypted database/LDAP connection.

Non-FIPS mode

In non-FIPS mode, to be compatible with former Foglight versions, Foglight uses JRE TrustStore as the default TrustStore. The default TrustStore will NOT be preserved during Foglight upgrade. Foglight also support a separate TrustStore, which will be preserved during upgrade. Choose the one that best suits your needs:

Option 1: Import the certificate into the embedded JRE TrustStore, <foglight_home>/jre/lib/security/cacerts (default password: changeit), with the following command:
<foglight_home>/jre/bin/keytool -import -file <path_to_cert_file> -alias <alias_of_cert> -keystore <foglight_home>/jre/lib/security/cacerts -storepass <store_pwd>
1
Prepare TrustStore: copy <foglight_home>/config/security/trust.keystore.sample to <foglight_home>/config/security/trust.keystore
2
Import the certificate into the Foglight TrustStore, <foglight_home>/config/security/trust.keystore (default password: nitrogen), with the following command:

FIPS-compliant mode

In FIPS-compliant mode, it is required to use FIPS-validated KeyStore type BCFKS.

Import the certificate into the Foglight default TrustStore in FIPS-compliant mode, <foglight_home>/config/security/trust.fips.keystore (default password: nitrogen) with the following command:

Setting up an encrypted LDAP connection with SSL

Use the following instructions if you need to encrypt communication between the Management Server and the LDAP server.

1
Acquire the LDAP server certificate in .pem format from the administrator.
3
On the navigation panel, under Dashboards, click Administration > Users & Security > Directory Services Settings.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级