Configure for HTTPS

Acquire a certificate

To authenticate to clients, the On-Premise License Server must have a certificate that serves as proof of identity. Certificates come in two forms: Certificate Authority (CA) signed certificates and self-signed certificates.

Option 1: CA-signed certificate

CA-signed certificates provide an additional level of security because they can be automatically verified and do not rely on human verification. By providing you a certificate, the certificate authority is vouching for your identity. Software systems such as web browsers and the Java Runtime Environment (JRE) include the public keys of the trusted certificate authorities that are used to verify server certificates were vouched for by a trusted CA.

To acquire an SSL CA-signed certificate, contact the appropriate person in your IT department, requesting a Subject Alternative Name (SAN) extension that matches the DNS hostname.

Option 2: Self-signed certificate

Self-signed certificates have the advantage of being free and easy to generate. Their disadvantage is that they are not automatically trusted by the products and you have to import them to your browser/system to make a trusted connection.

To acquire a self-signed certificate, use the following commands:

openssl req -x509 -sha256 -newkey rsa:2048 -keyout slm.key -out slm.crt -addext “subjectAltName = DNS:slm.enterprise” -days 365
openssl pkcs12 -export -in slm.crt -inkey slm.key -out slm.enterprise.p12

Open the folder where License Management is installed:

Copy the certificate file slm.enterprise.p12 to folder Smartbear/LicenseManager/cert.

Open Smartbear/LicenseManager/bin/slm_service.vmoptions file and add following entries:

-Dserver.port=443
-Dserver.ssl.enabled=true
-Dserver.ssl.key-store-type=PKCS12
-Dserver.ssl.key-store=../cert/slm.enterprise.p12
-Dserver.ssl.key-store-password=certificate_store_password # optional if certificate_store is not secured by password

Restart SLM License Manager service: