VE License Server Web-based Management GUI
Starting with VE license server version 1.1.13, the previous information-only web interface has been changed to a management interface. It provides the following functions:
Prerequisites:
The TCP port used by remote systems to web-based management interface must be permitted on the license server, and by any intermediate firewall.
Default: TCP/8084; an alternative port can be configured in /opt/license-server/config.ini.TCP port 80 must be available to the license server to redirect HTTP requests to HTTPS. For remote connections, the port must also be permitted through intermediate firewalls. Starting with version 1.1.25, redirection (and thereby use of TCP port 80) can be enabled or disabled in /opt/license-server/config.ini.
Important: at the time of writing, the web-server component of the license server applications will not start if a port required by the web server is already used by another application. This will also prevent the licensing component from starting.
Accessing the Management GUI and Logging in
The web-based management GUI is provided by the license server on TCP port 8084 by default (the port can be changed in /opt/license-server/config.ini; see also Additional Configuration Options - the config.ini File).
Use the following URL in any web browser to access the management GUI:https://<host>:<port>/ where
host is the name or address of the VE license server, and
port is the TCP port (8084 by default).
Use localhost as the hostname for accessing the GUI of a license server running on the local system. Example: https://localhost:8084. Using just http://<license-server-ip> will redirect to the configured HTTPS port.
Please note: any intermediate firewall must allow the TCP ports used for the management GUI.
Upon connecting to the URL, a login screen will be displayed.
Default credentials:
Username: charon
Password: stromasys
After logging in, you will be presented with a list of menu options on the left pane of the screen and the content of the selected option on the right hand. Please change the default password immediately.
Certificate Warning when Connecting to the Management GUI
When connecting to the VE license server web-based management GUI for the first time, the web browser will issue a warning and inform the user that the connection is not private. This is due to the fact that Stromasys, when creating the installation kit, cannot foresee the actual customer environment. Thus, the SSL certificate included with the license server kit includes a dummy hostname that does not match the real hostname of the customer license server system, and it also contains Stromasys as the certificate authority which is unknown to web-browsers by default.
It is possible to override the warning and connect to the page. Otherwise, users must
either obtain a certificate for the host from one of the commercial certification authorities, or
they must create their own self-signed certificate and add it to the web browser.
The new certificates replace the server.pem certificate in /opt/license-server/certs (move the old certificate to a save place).
Steps to create a self-signed certificate:
Log in as the root user.
Stop the license server (
# systemctl stop licensed)Go to /opt/license-server/certs.
Move the existing content of the directory to a backup directory.
Create a root certificate (each command must be entered on one command-line - irrespective of necessary line breaks in this document):
# openssl genrsa -out ca.key.pem 2048# openssl req -new -key ca.key.pem -out ca.csr -subj "/C=CN/ST=GD/O=STROMASYS/OU=LICENSE/CN=STROMASYS.COM"# openssl x509 -req -days 7300 -sha256 -extensions v3_ca -signkey ca.key.pem -in ca.csr -out ca.cerCreate a server certificate:
# openssl genrsa -out servercert.key.pem 2048# openssl req -new -key servercert.key.pem -out servercert.csr \-subj "/C=CN/ST=GD/O=STROMASYS/OU=LICENSE/CN=hostname.domain"# openssl x509 -req -extfile <(printf "subjectAltName=DNS:hostname.domain,DNS:hostname.domain") \-days 7300 -sha256 -CA ca.cer -CAkey ca.key.pem -CAserial ca.srl -CAcreateserial \-in servercert.csr -out servercert.cer
Replace hostname.domain with the real name of the VE license server system.
Create the combined server certificate for the license server:
# cp servercert.cer server.pem# cat servercert.key.pem >> server.pemRestart the license server (
# systemctl start licensed)Import the root CA (ca.cer) into your browser’s Trusted Root Certification Authorities Certificate Store.
Please note: at the time of writing, the custom certificate was overwritten by upgrading or downgrading the license server software. Therefore, make sure to back up you certificate and to restore it after an upgrade or downgrade of the license server.
Displaying the License Information
The first screen after login is the license information screen similar to the one shown below:
It can be selected via the menu on the left (License Information).
Displaying the List of Connected Clients
The client list can be displayed by selecting the Client List option on the left pane. A sample with one connected client is displayed below:
Please note: Charon-PAR license clients cannot inform the license server about the configured number of CPUs and amount of memory. Hence, for these clients, the corresponding fileds in the display will be empty.
Displaying the List of Registered Clients (AutoVE mode)
This option shows clients registered with the AutoVE license servers independent of whether the instance is active.
Updating a License
The license management section can be opened by selecting Update License on the left pane. This will open the license management screen as shown below:
The license management section includes two options:
Exporting a C2V file (the fingerprint of the license server system)
Importing a V2C file (the license file created by Stromasys after receiving the C2V file)