Both the HTTP and HTTPS protocol are supported for License Server and are enabled by default. We recommend that you connect via HTTPS to ensure secure, encrypted communication between License Server and the Parasoft products.

HTTPS requires a signed SSL certificate. License Server ships with a self-signed SSL certificate, which is used by default. Alternatively, you can use a custom self-signed or commercially signed certificate; see Enabling Custom SSL.

In this section:

Enabling Custom SSL

The default Parasoft self-signed SSL certificate is shipped with License Server in a .keystore file. To use a custom SSL certificate:

  1. If your License Server is running, run the stopLS script to stop the server.
  2. Replace the default .keystore file with a custom .keystore file in the <LS_INSTALL>/app/tomcat/conf directory.
    (info) Your custom .keystore file must contain a signed certificate.
  3. Run the startLS scripts to start License Server.

Generating a .keystore File with a Self-signed Certificate

If you do not already have a .keystore file available, you can generate one by executing the following command:

  1. keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -keysize 2048

    This will create a keystore containing a private key and a self-signed certificate named keystore.jks with the password password. The -keysize setting is optional. The default keysize is 1024.

  2. Enter your organization name when prompted. When asked for your first and last name, you typically enter the domain name of the server to be accessed. This is especially important if you are going to use a commercially signed certificate. For a self-signed certificate, you could provide any first and last name.
  3. Enter a password for the generated key when prompted. The password can be the same as the password used for the keystore. In this case, the alias for the private key is selfsigned.

Obtaining a Commercially-signed Certificate

You can obtain commercial certificates from a certificate authority (CA), such as verisign.com or thawte.com by submitting a certificate signing request (CSR) to the CA.

  1. Use the following command to create the CSR:  

    keytool -certreq -alias selfsigned -keystore keystore.jks -file cer- treq.csr
  2. You will be prompted to enter the keystore password. A certreq.csr CSR file is created for the key with the alias selfsigned.

  3. The CA will return a Root or Chain certificate and the newly signed certificate, both of which must be imported into your keystone. Use the following command to import your root certificate:

    keytool -import -alias root -keystore keystore.jks -trustcacerts - file <filename_of_the_chain_certificate>

  4. Use the following command to import the new certificate:

    keytool -import -alias dtp -keystore keystore.jks -file <your_certificate_filename>

Disabling HTTPS

Change the protocol in the <LS_INSTALL>/data/conf/PSTSecConfig.xml file to HTTP:

<pstsec-config>
	<remote-authentication>
    	<enabled>false</enabled>
    	<host>localhost</host>
    	<port>8443</port>
		<protocol>http</protocol> 
	</remote-authentication>
</pstsec-config>

Disabling Port 2002 on License Server

Insure++ communicates with License Server over port 2002. All other Parasoft tools communicate with License Server over the standard HTTP/HTTPS ports. If you are not using License Server or are only using License Server with other Parasoft tools, you can disable port 2002 as a security best practice within your DTP infrastructure. The following instructions describe how to disable port 2002. 

  1. Stop License Server by running, as an administrator, the stopLS script located in the <LS_INSTALL>/app directory.
  2. Open the ls.conf file located in the <LS_DATA_DIR>/LicenseServer/conf directory.

  3. Add an <enabled>false</enabled> element to the <Server> element:

    <?xml version="1.0" encoding="UTF-8"?>
<Root>
    <Server>
        <enabled>false</enabled>
        <port>2002</port>
        <concurrent_connections_limit>100</concurrent_connections_limit>
        <start_deactivated>true</start_deactivated>
    </Server>
    ...
</Root>
  4. Save the file and restart License Server by running, as an administrator, the startLS script located in the <LS_INSTALL>/app directory.

Changing Port 8005 on License Server

Port 8005 is the default Tomcat shutdown port, but you can run into a port conflict on some Windows servers. To resolve this:

  1. Run the stopLS script in the <LS_INSTALL>/app directory as an administrator to stop License Server.
  2. Open the server.xml file in the <LSS_INSTALL>/app/tomcat/conf/ directory.
  3. Find the <Server port="8005" shutdown="SHUTDOWN"> element and change the port value to a port that is not being used (for example, 8006).
  4. Save the file.
  5. Run the startLS script in the <LS_INSTALL>/app directory as an administrator to restart License Server.
  • No labels

Need assistance? Visit our support page