Summary

This article will explain how to create a keystore that can be used with Flexnet Operations to enable SSL.

Synopsis

In order to create a keystore it is assumed that you have created the PFX file. The steps below will explain how to import the PFX file into the keystore for FlexNet Operations On-Premises.

Discussion

Steps to create the keystore for Flexnet Operations

1. First step is to import the given PFX file (PKCS format) into the keystore that will be used by the FNO application.

NOTE: Keytool.exe manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates and is part of the Java installation. Please refer to the article below for more information on this....

https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

keytool.exe -importkeystore -srckeystore ServerCertificate.pfx -srcstoretype pkcs12 -srcstorepass <password> -destkeystore FlexeraKeyStore.jks -deststoretype JKS

The following output should be displayed:

• Enter destination keystore password:
• Re-enter new password:
• Entry for alias le-0a9b7c02-2830-41bb-b46e-43ee80646aac successfully imported.
• Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

2. The next step is to isolate the certificate chain used to validate the certificate and put this into the truststore. You could use a separate truststore or add the certificate to the JDK's keystore. The second approach is more preferable, so this is what is used below.

• Convert the PFX file to PEM format and make sure we transport the certificates into the PEM file

NOTE: OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Please refer to the article below for more information and how to download....

https://www.openssl.org/source/

• openssl pkcs12 -in ServerCertificate.pfx -out Keystore.pem -nodes
• Enter Import Password:
• MAC verified OK

3. The next step is to convert this PEM file to X509 format.

• openssl x509 -outform der -in Keystore.pem -out flexera.der

4. The final step is to import this X509 certificate into the JDK's keystore.

• keytool.exe -import -alias flexera-alias -keystore " C:\cacert\FlexeraKeystore.jks " -file flexera.der
• Enter keystore password:
• Trust this certificate? [no]: yes
• Certificate was added to keystore

Steps to configure Flexnet Operations to use the created keystore

• Go to flexnet-setup: e.g. http://localhost:4321/flexnetsetup
• Stop FNO server
• Undeploy FNO and all applications
• Go to FNO_HOME\components\wildfly\standalone\logs and clean up the logs (This step will be beneficial later)
• Go to the 'Advanced' tab
• Change the keystore to the location of the keystore, e.g. "C:\certs\FlexeraKeyStore.jks"
• Add the password assigned to the keystore.
• Save the configuration
• Deploy FNO.
• Start server

Once the server is up, look at the server.log to find out if there are any key specific errors.

• Next verify whether https://localhost:8443/flexnet/operations comes up properly. 8443 was the https port specified.