Self-Signed Certificate for the Local License Server

When evaluating the local license server, you may not wish to acquire a proper server certificate. It’s possible to use a self-signed certificate instead, although this is not recommended for production use.

This section explains how to set up the server to communicate with the FlexNet License Server Administrator command-line tool (flexnetlsadmin) using a self-signed certificate.

The following procedure uses the keytool utility to generate the certificate; other tools are available.

To configure communication between the local license server and flexnetlsadmin using a self-signed certificate

1.

Use a command similar to the following to create a self-signed PKCS#12 certificate:

# HTTPS server mode

$ keytool \

-genkeypair \

-ext san=dns:yourhost.yourcompany.com \

-storetype PKCS12 -keystore self-signed.p12 \

-storepass self-signed-password \

-alias self-signed \

-keyalg RSA \

-keysize 4096 \

-validity 360 \

-dname "C=,S=,L=,O=,OU=,CN=yourhost.yourcompany.com"

2.

Specify the certificate that you just created in local-configuration.yaml:

# HTTPS server mode
https-in:

  # Set to true to enable

  enabled: true

  # HTTPS listening port

  port: 1443

  # Path to keystore

  keystore-path: self-signed.p12

  # Keystore password. You can obfuscate this with
  java -jar flexnetls.jar -password your-password-here

  keystore-password: self-signed-password

3.

Export the certificate in PEM format for flexnetlsadmin:

$ keytool -exportcert -alias self-signed -keystore self-signed.p12 -rfc -file self-signed.pem

4.

Start the local license server.

5.

Use a command such as the following to test the communication between the server and flexnetlsadmin:

$ flexnetls-admin --partitions -custom-trust self-signed.pem

[ {

  "id" : 1,

  "name" : "default",

  "activeFeatureSlices" : [ ],

  "lastModified" : "2023-02-13T11:31:53.622Z"} ]