Performing preinstallation tasks on Windows
Before you install HCL® Local License Server 3.0, you might need to prepare or configure your computer.
About this task
Procedure
-
Download the offline installer:
- Log in to the HCL Software License & Download portal.
- Select List Downloads from the Downloads menu, then select HCL® Local License Server 3.0 from Uncategorized Products.
- Click HCL_LLS_3.0_Windows_x64_GUI_Offline.zip to download the installer.
-
Set the JAVA_HOME or JRE_HOME with the PATH environment variable on your Windows
system.
For example, if you installed JDK, then set JAVA_HOME = C:\Program Files\Java\OpenJDK8U; PATH = %JAVA_HOME%\bin. If you installed JRE, then set JRE_HOME = C:\Program Files\Java\JRE291; PATH = %JRE_HOME%\bin.
-
Obtain one of the following SSL certificates:
- Third-party SSL certificate
Perform the following steps to convert the SSL certificate file into PFX/P12 format, export, and then import the file into the Java TrustStore (cacerts) path.Notes:
- For FQDN-Hostname, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
- For LLSHostname, you must enter the hostname of HCL® Local License Server. For example, myserver.
Action Command Convert PKCS 12 (.p12 or .PFX) file into Java KeyStore (.jks) format to get an output file, keystore.jks. keytool -importkeystore -srckeystore licenseservercert.pfx -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS -srcstorepass replace_with_your_existing_pfx_password -deststorepass Enter_a_new_password_the_jks_keystore The password values for -srcstorepass and -deststorepass can be the same.
Export the .jks certificate file to .certs file that needs to be imported into the TrustStore (cacerts) file. keytool -export -alias FQDN-Hostname -keystore <.jks file> -rfc -file LLShostname.certs -storepass <password used during .jks certificate creation> -noprompt For example, keytool -export -alias myserver.hcl.com -keystore keystore.jks -rfc -file myserver.certs -storepass changeit -noprompt
Import the .certs file to the TrustStore (cacerts) path. Command for Oracle Java SE 8u281 or later and OpenJDK 8u282 or later:
keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt
Command for OpenJDK 11.0.10 or later:
keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -noprompt
Note: The default TrustStore (cacerts) password is changeit. - Self-signed certificatePerform the following steps to generate the SSL certificate file in the .jks format, export the file, and then import the file into the Java TrustStore (cacerts) path.Notes:
- For FQDN-Hostname, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
- For LLSHostname, you must enter the hostname of HCL® Local License Server. For example, myserver.
- For SystemIPAddress, provide your system IP address, which must be a static IP address.
- For the first and last name, when prompted, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
- You must use the same password for the keystore.jks file creation and for exporting the keystore.jks file to .certs file.
Action Command Generate the self-signed SSL certificate (keystore.jks). For Oracle Java SE 8u282 or later and OpenJDK 8u282 or later, navigate to the path of the Keytool.exe file where Java is installed and run the following command as an administrator: keytool -genkey -keyalg RSA -alias FQDN-Hostname -keystore keystore.jks -storepass changeit - validity 800 -keysize 4096 -ext san=dns:FQDN-Hostname,dns:localhost
For example, keytool -genkey -keyalg RSA -alias myserver.hcl.com -keystore keystore.jks -storepass changeit -validity 800 -keysize 4096 -ext san=dns:myserver.hcl.com,dns:localhost
For OpenJDK 11.0.10 or later, navigate to the path of the Keytool.exe file where the Java is installed and run the following command as an administrator:keytool -genkey -keyalg RSA -alias FQDN-Hostname -keystore keystore.jks -storepass changeit - validity 800 -keysize 4096 -ext san=dns:FQDN-Hostname,dns:localhost
For example, keytool -genkey -keyalg RSA -alias myserver.hcl.com -keystore keystore.jks -storepass changeit - validity 800 -keysize 4096 -ext san=dns:myserver.hcl.com,dns:localhost
Export the .jks certificate file to .certs file that needs to be imported into the TrustStore (cacerts) file. keytool -export -alias FQDN-Hostname -keystore keystore.jks -rfc -file LLShostname.certs -storepass <password used during .jks certificate file creation> -noprompt For example, keytool -export -alias myserver.hcl.com -keystore keystore.jks -rfc -file myserver.certs -storepass changeit -noprompt
Import the .certs file to the TrustStore (cacerts) path. Command for Oracle Java SE 8u281 or later and OpenJDK 8u282 or later:
keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt
Command for OpenJDK 11.0.10 or later:
keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass <truststore default password> -noprompt
For example, keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -noprompt
Note: The default TrustStore (cacerts) password is changeit.
- Third-party SSL certificate