Self-Signed Certificate for the Local License Server
When evaluating the local license server, you may not wish to acquire a proper server certificate. It’s possible to use a self-signed certificate instead, although this is not recommended for production use.
This section explains how to set up the server to communicate with the FlexNet License Server Administrator command-line tool (flexnetlsadmin) using a self-signed certificate.
The following procedure uses the keytool utility to generate the certificate; other tools are available.
To configure communication between the local license server and flexnetlsadmin using a self-signed certificate
| 1. | Use a command similar to the following to create a self-signed PKCS#12 certificate: |
# HTTPS server mode
$ keytool \
-genkeypair \
-ext san=dns:yourhost.yourcompany.com \
-storetype PKCS12 -keystore self-signed.p12 \
-storepass self-signed-password \
-alias self-signed \
-keyalg RSA \
-keysize 4096 \
-validity 360 \
-dname "C=,S=,L=,O=,OU=,CN=yourhost.yourcompany.com"
| 2. | Specify the certificate that you just created in local-configuration.yaml: |
# HTTPS server mode
https-in:
# Set to true to enable
enabled: true
# HTTPS listening port
port: 1443
# Path to keystore
keystore-path: self-signed.p12
# Keystore password. You can obfuscate this with
java -jar flexnetls.jar -password your-password-here
keystore-password: self-signed-password
| 3. | Export the certificate in PEM format for flexnetlsadmin: |
$ keytool -exportcert -alias self-signed -keystore self-signed.p12 -rfc -file self-signed.pem
| 4. | Start the local license server. |
| 5. | Use a command such as the following to test the communication between the server and flexnetlsadmin: |
$ flexnetls-admin --partitions -custom-trust self-signed.pem
[ {
"id" : 1,
"name" : "default",
"activeFeatureSlices" : [ ],
"lastModified" : "2023-02-13T11:31:53.622Z"} ]