Performing preinstallation tasks on Linux
Before you install HCL® Local License Server 3.0, you might need to prepare or configure your computer.
Before you begin
- Root user privilege to execute the commands.
- Access to the GUI screen of the Linux OS.
About this task
Procedure
-
Download the offline installer:
- Log in to the HCL Software License & Download portal.
- Select List Downloads from the Downloads menu, then select HCL® Local License Server 3.0 from Uncategorized Products.
- Click HCL_LLS_3.0_Linux_x64_GUI_Offline.tar.gz to download the installer.
-
Set the JAVA_HOME or JRE_HOME with the PATH environment variable on your Linux system
by appending the export JAVA_HOME or JRE_HOME and PATH command with the values in the
.bashrc file. You can use the editor tool (For example, vi or
vim).
For example, if you installed JDK, then set JAVA_HOME = /usr/lib/jvm/java; PATH = $PATH:$JAVA_HOME/bin. If you installed JRE, then set JRE_HOME = /usr/lib/jvm/java/jre; PATH = $PATH:$JRE_HOME/bin.
- Optional:
If the Linux version that you are using is not built using the GUI mode, then install
the following packages to use the GUI-based HCL® Local License
Server installer:
- xterm*
- xorg*
- xclock
- xauth
- xorg-x11-xauth
Notes: You must use the appropriate package manager such as yum, rpm, or dnf depending on the version of the operating system while you install the listed packages.Also, if you are using a GCC version that is older than the recommended version, you might get an error while launching configure utility. To resolve the issue, refer to https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110865.
- Optional:
If you are using VNC Viewer with a headless Linux VM, then you must enable x11 port
forwarding:
-
Obtain one of the following SSL certificates:
- Third-party SSL certificatePerform the following steps to export the PFX/P12 certificate file to the .certs file and then import the file into the java truststore (cacerts) path.Notes:
- For FQDN-Hostname, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
- For LLSHostname, you must enter the hostname of HCL® Local License Server. For example, myserver.
Action Command Export the the PFX/P12 certificate file to .certs file that needs to be imported into the truststore (cacerts) file. sudo keytool -export -alias FQDN-Hostname -keystore <pfx/p12 file> -rfc -file LLShostname.certs -storepass <password used during PFX/P12 certificate creation> For example, sudo keytool -export -alias myserver.hcl.com -keystore keystore.pfx -rfc -file myserver.certs -storepass Ch@ngeit1
Import the .certs file to the Truststore (cacerts) path. Command for Oracle Java SE 8u281 or later and OpenJDK 8u282 or later:
sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt
Command for OpenJDK 11.0.10 or later:
sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -noprompt
Note: The default truststore(cacerts) password is changeit. - Self-signed certificatePerform the following steps to generate the SSL certificate file in the .jks format, export the file, and then import the file into the Java TrustStore (cacerts) path.Notes:
- For FQDN-Hostname, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
- For LLSHostname, you must enter the hostname of HCL® Local License Server. For example, myserver.
- For SystemIPAddress, provide your system IP address, which must be a static IP address.
- For the first and last name, you must enter the fully qualified domain name of HCL® Local License Server, when prompted. For example, myserver.hcl.com.
- You must use the same password for the keystore.jks file creation and for exporting the keystore.jks file to .certs file.
Action Command Generate the self-signed SSL certificate (keystore.jks). Navigate to the path of the Keytool.exe file where Java is installed and run the following command as an administrator: sudo keytool -genkey -keyalg RSA -alias FQDN-Hostname -keystore keystore.jks -storepass Ch@ngeit1 -validity 800 -keysize 4096 -ext san=dns:FQDN-Hostname,dns:localhost
For example, sudo keytool -genkey -keyalg RSA -alias myserver.hcl.com -keystore keystore.jks -storepass Ch@ngeit1 -validity 800 -keysize 4096 -ext san=dns:myserver.hcl.com,dns:localhost
Export the .jks certificate file to .certs file that needs to be imported into the TrustStore (cacerts) file. sudo keytool -export -alias FQDN-Hostname -keystore keystore.jks -rfc -file LLShostname.certs -storepass <password used during keystore.jks creation> For example, sudo keytool -export -alias myserver.hcl.com -keystore keystore.jks -rfc -file myserver.certs -storepass Ch@ngeit1
Import the .certs file to the TrustStore (cacerts) path. Command for Oracle Java SE 8u281 or later and OpenJDK 8u282 or later:
sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt
Command for OpenJDK 11.0.10 or later:
sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -noprompt
Note: The default TrustStore (cacerts) password is changeit.
- Third-party SSL certificate