Performing preinstallation tasks on Linux

Before you install HCL® Local License Server 3.0, you might need to prepare or configure your computer.

Before you begin

You must have the following privileges:
  • Root user privilege to execute the commands.
  • Access to the GUI screen of the Linux OS.

About this task

You must download the installer, set the Java environment, configure the Linux computer, and obtain an SSL certificate required for HCL® Local License Server.

Procedure

  1. Download the offline installer:
    1. Log in to the HCL Software License & Download portal.
    2. Select List Downloads from the Downloads menu, then select HCL® Local License Server 3.0 from Uncategorized Products.
    3. Click HCL_LLS_3.0_Linux_x64_GUI_Offline.tar.gz to download the installer.
  2. Set the JAVA_HOME or JRE_HOME with the PATH environment variable on your Linux system by appending the export JAVA_HOME or JRE_HOME and PATH command with the values in the .bashrc file. You can use the editor tool (For example, vi or vim).

    For example, if you installed JDK, then set JAVA_HOME = /usr/lib/jvm/java; PATH = $PATH:$JAVA_HOME/bin. If you installed JRE, then set JRE_HOME = /usr/lib/jvm/java/jre; PATH = $PATH:$JRE_HOME/bin.

  3. Optional: If the Linux version that you are using is not built using the GUI mode, then install the following packages to use the GUI-based HCL® Local License Server installer:
    • xterm*
    • xorg*
    • xclock
    • xauth
    • xorg-x11-xauth
    Notes: You must use the appropriate package manager such as yum, rpm, or dnf depending on the version of the operating system while you install the listed packages.

    Also, if you are using a GCC version that is older than the recommended version, you might get an error while launching configure utility. To resolve the issue, refer to https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110865.

  4. Optional: If you are using VNC Viewer with a headless Linux VM, then you must enable x11 port forwarding:
    1. In RHEL 7.x or CentOS 7.0, run the following command:
      yum install xterm* xorg* xclock xauth

      or, if you are using RHEL 8.x or CentOS 8.0, run the following command:

      yum install xorg-x11-xauth

    2. Run the following command to verify if the above packages are installed: rpm -qa | grep xorg-x11-xauth
  5. Obtain one of the following SSL certificates:
    • Third-party SSL certificate
      Perform the following steps to export the PFX/P12 certificate file to the .certs file and then import the file into the java truststore (cacerts) path.
      Notes:
      • For FQDN-Hostname, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
      • For LLSHostname, you must enter the hostname of HCL® Local License Server. For example, myserver.
      Action Command
      Export the the PFX/P12 certificate file to .certs file that needs to be imported into the truststore (cacerts) file. sudo keytool -export -alias FQDN-Hostname -keystore <pfx/p12 file> -rfc -file LLShostname.certs -storepass <password used during PFX/P12 certificate creation>

      For example, sudo keytool -export -alias myserver.hcl.com -keystore keystore.pfx -rfc -file myserver.certs -storepass Ch@ngeit1
      Import the .certs file to the Truststore (cacerts) path.

      Command for Oracle Java SE 8u281 or later and OpenJDK 8u282 or later:

      sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass <truststore default password> -noprompt

      For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt

      Command for OpenJDK 11.0.10 or later:

      sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass <truststore default password> -noprompt

      For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -noprompt

      Note: The default truststore(cacerts) password is changeit.
    • Self-signed certificate
      Perform the following steps to generate the SSL certificate file in the .jks format, export the file, and then import the file into the Java TrustStore (cacerts) path.
      Notes:
      • For FQDN-Hostname, you must enter the fully qualified domain name of HCL® Local License Server. For example, myserver.hcl.com.
      • For LLSHostname, you must enter the hostname of HCL® Local License Server. For example, myserver.
      • For SystemIPAddress, provide your system IP address, which must be a static IP address.
      • For the first and last name, you must enter the fully qualified domain name of HCL® Local License Server, when prompted. For example, myserver.hcl.com.
      • You must use the same password for the keystore.jks file creation and for exporting the keystore.jks file to .certs file.
      Action Command
      Generate the self-signed SSL certificate (keystore.jks). Navigate to the path of the Keytool.exe file where Java is installed and run the following command as an administrator:

      sudo keytool -genkey -keyalg RSA -alias FQDN-Hostname -keystore keystore.jks -storepass Ch@ngeit1 -validity 800 -keysize 4096 -ext san=dns:FQDN-Hostname,dns:localhost

      For example, sudo keytool -genkey -keyalg RSA -alias myserver.hcl.com -keystore keystore.jks -storepass Ch@ngeit1 -validity 800 -keysize 4096 -ext san=dns:myserver.hcl.com,dns:localhost
      Export the .jks certificate file to .certs file that needs to be imported into the TrustStore (cacerts) file. sudo keytool -export -alias FQDN-Hostname -keystore keystore.jks -rfc -file LLShostname.certs -storepass <password used during keystore.jks creation>

      For example, sudo keytool -export -alias myserver.hcl.com -keystore keystore.jks -rfc -file myserver.certs -storepass Ch@ngeit1
      Import the .certs file to the TrustStore (cacerts) path.

      Command for Oracle Java SE 8u281 or later and OpenJDK 8u282 or later:

      sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass <truststore default password> -noprompt

      For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt

      Command for OpenJDK 11.0.10 or later:

      sudo keytool -importcert -file LLSHostname.certs -alias FQDN-Hostname -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass <truststore default password> -noprompt

      For example, sudo keytool -importcert -file myserver.certs -alias myserver.hcl.com -keystore "${JAVA_HOME}/lib/security/cacerts" -storepass changeit -noprompt

      Note: The default TrustStore (cacerts) password is changeit.

Results

You have completed the preinstallation tasks.

What to do next

You must begin the installation task. See Installing HCL Local License Server on Linux.