Both the HTTP and HTTPS protocol are supported for License Server and are enabled by default. We recommend that you connect via HTTPS to ensure secure, encrypted communication between License Server and the Parasoft products.

HTTPS requires a signed SSL certificate. License Server ships with a self-signed SSL certificate, which is used by default. Alternatively, you can use a custom self-signed or commercially-signed certificate; see Enabling Custom SSL.

Enabling Custom SSL

The default Parasoft self-signed SSL certificate is shipped with License Server in a .keystore file. To use a custom SSL certificate:

  1. If your License Server is running, run the stopLS script to stop the server.
  2. Replace the default .keystore file with a custom .keystore file in the <LS_INSTALL>/app/tomcat/conf directory.
    (info) Your custom .keystore file must contain a signed certificate.
  3. Run the startLS scripts to start License Server.

Generating a .keystore File with a Self-signed Certificate

If you do not already have a .keystore file available, you can generate one by executing the following command:

  1. keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -keysize 2048

    This will create a keystore containing a private key and a self-signed certificate named keystore.jks with the password password. The -keysize setting is optional. The default keysize is 1024.

  2. Enter your organization name when prompted. When asked for your first and last name, you typically enter the domain name of the server to be accessed. This is especially important if you are going to use a commercially-signed certificate. For a self-signed certificate, you could provide any first and last name.
  3. Enter a password for the generated key when prompted. The password can be the same as the password used for the keystore. In this case, the alias for the private key is selfsigned.

Obtaining a Commercially-signed Certificate

You can obtain commercial certificates from a certificate authority (CA), such as verisign.com or thawte.com by submitting a certificate signing request (CSR) to the CA.

  1. Use the following command to create the CSR:  

    keytool -certreq -alias selfsigned -keystore keystore.jks -file cer- treq.csr


  2. You will be prompted to enter the keystore password. A certreq.csr CSR file is created for the key with the alias selfsigned.

  3. The CA will return a Root or Chain certificate and the newly-signed certificate—both of which must be imported into your keystone. Use the following command to import your root certificate:

    keytool -import -alias root -keystore keystore.jks -trustcacerts - file <filename_of_the_chain_certificate>

  4. Use the following command to import the new certificate:

    keytool -import -alias dtp -keystore keystore.jks -file <your_certificate_filename>

Disabling HTTPS

Change the protocol in the <LS_INSTALL>/data/conf/PSTSecConfig.xml file to HTTP:

<pstsec-config>
	<remote-authentication>
    	<enabled>false</enabled>
    	<host>localhost</host>
    	<port>8443</port>
		<protocol>http</protocol> 
	</remote-authentication>
</pstsec-config>



  • No labels

Need assistance? Visit our support page