Step 3: Enabling secure communication

Edit online

After a certificate authority (CA) signs your certificate signing request (CSR), the CSR transforms into a certificate. Upload this certificate and the private key to License Metric Tool.

Before you begin

  • The use of HTTPS is enabled by default, but this configuration is based on temporary self-signed certificates that are not intended for production environments.
  • Enabling or disabling the use of HTTPS changes the web address of your License Metric Tool server. Ensure that you run a data import afterward to update the address in the Fixlets that use it to download files from the server.

Procedure

  1. Log in to License Metric Tool.
  2. In the top navigation bar, click Management > Server Settings.
  3. Starting from application update 9.2.26, the use of HTTPS and TLS 1.2 is enforced. Thus, the steps differ depending on the application update that you are using.
    • For application update 9.2.26 and higher, perform the following steps.
      1. In the Certificate section, click replace.
      2. Select Import a PEM or PKCS#12 private key and certificate.
        Note: The certificate and the key must be PEM-encoded or enfolded in PKCS#12 keystore.
      3. Click Browse to locate the file in the PEM or PKCS#12 format.
      4. If the private key and certificates are delivered in separated files, select Private key is in a separate file and locate the private key file.
      5. Enter the password for the private key. This field is required only if you set a password for your private key or PKCS#12 keystore.
      6. Click Save.
    • For application update 9.2.25 and lower, perform the following steps.
      1. Select Use HTTPS. The Certificate subsection opens.
      2. Optional: Select Use TLSv1.2.
        Important: To fulfill all requirements for SP800-131 compliance, see: Enabling SP800-131 compliance.
      3. Provide information about the certificate.
        Note: The certificate and the key must be PEM-encoded or enfolded in PKCS#12 keystore.
        1. Select Import a PEM encoded private key and certificate.
        2. Click Browse to locate the certificate file in the PEM or PKCS#12 format.
        3. Click Browse to locate the private key file in the PEM or PKCS#12 format.
          Note: If the certificate and the private key are delivered in a one file, select the same file once again.
        4. Enter the password for the private key. This field is required only if you set a password for your private key or PKCS#12 keystore.
        5. Click Save.
  4. For the changes to take effect, restart the server.
    1. Stop the server.
    2. Start the server.

Results

You enabled secure communication on your server. All outgoing communication is now encrypted with the private key that you provided.