...

Download and unzip the HTTPS Agent software using wget, curl, or manually from the Flexagon Support Portal.

Code Block
# select folder location where the agent will be downloaded
export SOFTWARE_HOME=/u01/software
mkdir -p "$SOFTWARE_HOME"
cd "$SOFTWARE_HOME"

# DOWNLOAD using wget or curl, or transfer the zip file here manually
# FlexDeploy 7.0 requires version 7.0 of the https agent.
# A newer version may be available, see https://support.flexagon.com/a/solutions/articles/5000886515 for the latest download link.
wget -O HttpsAgentTomcatComplete.zip <link from support site>
# or, as an alternative to wget, use curl
curl -L --max-redirs 5 <link from support site> --output HttpsAgentTomcatComplete.zip

If the endpoint does not have internet access, you can download the agent from the Flexagon Support Portal and transfer the zip file manually.

Extract the zip file in the desired location (referred to as "HTTPS_AGENT_HOME" in this document).

...

The use of SSL is required. Steps are listed below for self-signing, as well as for importing an existing certificate. You can of course use any other certificate compatible with Tomcat.

It is highly recommended you read the Tomcat Documentation for more details.

...

Self Signed

Generate the self-signed certificate in the HTTPS_AGENT_HOME/config directory by running the following command.

Code Block
keytool -genkey -keyalg RSA -alias tomcat -keystore tomcat.jks -validity 365 -keysize 2048

When prompted enter a password for the keystore.

Then, when prompted for your name, input the hostname for the server. This is important: if this step is missed, the FlexDeploy server will not trust the certificate. The rest of the information is not needed (although you can input it).

After that you will be prompted for the password for the tomcat key. Press Enter to use the same password as the keystore. This is required by Tomcat.

Next let’s export the certificate in order to add it to the FlexDeploy server’s trust store.

Code Block
keytool -export -keystore tomcat.jks -storepass <password> -alias tomcat -file httpsagent.cer

...

Existing Certificate

First generate your certificate using whatever method you would usually use.

Next convert the certificate to PKCS12 format.

Code Block
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile ca.crt -caname root

Now import the PKCS12 format certificate into a Java keystore. This will also generate the keystore if it does not exist. It is recommended to put the keystore into the HTTPS_AGENT_HOME/config directory.

Code Block
keytool -importkeystore -deststorepass <Same as destkeypass> -destkeypass <Same as deststorepass> -destkeystore tomcat.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password -alias tomcat

Configure Tomcat and Import Public Key

Next configure the keystore password (and the location of the file if not generated in the config directory). Open the HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/server.xml file. Find the SSL connector (by default set for port 8444) and add the keystore password as shown below. If you made the alias tomcat, this will be enough. Otherwise, add key

Code Block
<Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
           keystoreFile="../config/tomcat.jks" keystorePass="KEYSTORE PASSWORD HERE">
</Connector>
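
A pre-flight check for the files configured above, as an added example that is not part of the Flexagon documentation: because keystorePass sits in cleartext in server.xml, it flags a leftover template or default password, a missing keystore, and files readable by group or others. The function name is hypothetical, and resolving a relative keystoreFile against the Tomcat directory is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the agent).
# Usage: audit_agent_tls /path/to/HTTPS_AGENT_HOME
# Prints one finding per line; prints nothing when all checks pass.
audit_agent_tls() {
    home=$1
    base="$home/apache-tomcat-flexdeploy-https-agent"   # Tomcat directory named on the page
    xml="$base/conf/server.xml"
    [ -f "$xml" ] || { echo "MISSING server.xml"; return 0; }

    # Pull the keystore attributes out of the SSL connector definition.
    ks=$(sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$xml" | head -n 1)
    pw=$(sed -n 's/.*keystorePass="\([^"]*\)".*/\1/p' "$xml" | head -n 1)

    case $pw in
        "")                       echo "NO_PASSWORD keystorePass is not set" ;;
        "KEYSTORE PASSWORD HERE") echo "PLACEHOLDER keystorePass is still the template value" ;;
        changeit)                 echo "WEAK keystorePass is the Java default password" ;;
    esac

    # Assumption: a relative keystoreFile is resolved against the Tomcat directory,
    # so ../config/tomcat.jks lands in HTTPS_AGENT_HOME/config.
    case $ks in
        ""|/*) ;;
        *) ks="$base/$ks" ;;
    esac

    for f in "$xml" "$ks"; do
        [ -n "$f" ] || continue
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            continue
        fi
        # server.xml holds the keystore password in cleartext, so neither it
        # nor the keystore should be readable by group or others.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "READABLE $f is readable by group/others (chmod 600)"
        fi
    done
}
```

Run it as the account that owns the agent installation, after editing server.xml and before starting the agent.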

...

First copy over the certificate that was generated (with the .cer extension). If you used an existing certificate, this should be the root certificate’s public key. You may have already configured this.

Next determine the Java install used by the FlexDeploy server.

...

Code Block
keytool -import -noprompt -trustcacerts -alias tomcathttpsAgent -file httpsagent.cer -keystore "JAVA_INSTALL_PATH/jre/lib/security/cacerts" -storepass <password>

The default password for the java keystore is changeit.

Now the server will be able to connect to the endpoint. It is not necessary to restart the FlexDeploy server after adding a certificate.

Step 5. Start the Agent

Execute the StartFlexDeployHttpsAgent.sh (or StartFlexDeployHttpsAgent.bat) script to start the agent.

...