Secure License Server Configuration

Secure communication between ZIETrans Runtime and the Flexera License Server (cloud or local) involves signed content using a public/private keypair. A ZIETrans Administrator needs to generate and distribute this key pair. ZIETrans Runtime signs the licensing requests with the private key and the license server verifies the signatures with the corresponding public key.

  1. Generate Public/Private Keypair :

    The public/private keypair generated is used for secure communication. The keypair should be in “RSA 2048-bit” format. The private key format should be “pksc8”, and that of the public key should be “DER” format.

    Various third-party tools are available for generating this keypair.Refer to the documentation supplied with the third-party tool for instructions. The following is an example of keypair generation using OpenSSL:
    # Generate private key.
    $openssl genrsa -out private_key.pem 2048
    # Get the public key.
    $openssl rsa -in private_key.pem -pubout -outform DER -out public_key.der
    # Convert private key to pkcs8 format to use it 
    $openssl pkcs8 -topk8 -inform PEM -outform PEM -in private_key.pem -out private_key.pem -nocrypt
  2. Upload Public Key :
    The public key must be uploaded to the license server using the command line tool “flexnetlsadmin”, provided by Flexera. This tool requires Java 1.8 to run and requires the license server’s Admin password to be set. Follow the instructions in the “Introduction to the HCL License Server” document to set the Admin password, and Run the “flexnetlsadmin” tool as follows:
    flexnetlsadmin.bat -server https://[license server host]/api/1.0/instances/[license server ID] -authorize admin [license sever admin password] -uploadPublicKey [local path to public key (in DER format)]
    For example:
    flexnetlsadmin.bat -server https:// hclsoftware.compliance.flexnetoperations.com/api/1.0/instances/FED321CBA -authorize admin adminpwd -uploadPublicKey C:\temp\ public_key.der
    For resolving SSL issues that occur while using the “flexnetlsadmin” tool, try one of the following:
    1. Upgrade the JVM which is being used to run the “flexnetlsadmin” tool.
    2. Import the certificate of https://hclsoftware.compliance.flexnetoperations.com into the JVM’s trust store.
    3. Run the “flexnetlsadmin” tool with the -noCertCheck flag (not recommended).

    Another method to upload the public key to Flexera server, is by using Flexera admin REST API /rest_licensing_keys, for which, an authorization bearer token needs to be generated using the /authorize API, and attached to the /rest_licensing_keys API header. For more information about instructions for Flexera licensing and generating authorization bearer tokens, refer to the information available at : https://resources.flexera.com/instructions/productlicensing/en/FNL.htm