Post Installation Setup

FMS has certain post-installation requirements that must be met to ensure smooth operation. These are described in this section.

Licence Configuration

A licence (fms.lcn) MUST be obtained from the provider and placed in the FMS installation directory.

The licence is only valid for a specific amount of time, typically one year. Once it expires the server will halt operation and not restart. A new licence must be obtained to allow for normal operation.

The licence detail, including the licence holder and the licence expiry date, is written to the system logger. Details on where the server outputs logging detail are in the Section called Log4j Configuration in the Chapter called Configuring FMS.

Contact for more information on obtaining a licence.

Keystore Configuration

Certificate Configuration

Certificates come in two forms, one being a certificate as obtained from a commercial certificate authority (CA) such as Verisign or Thawte, and the other being a self generated certificate.

Commercial certificates are signed by a CA and are generally accepted by browsers without the user being prompted to accept the certificate.

Both the server (producer) and the client (consumer) require a keystore. The server keystore contains the server private key and the client public key (certificate) as generated on the client machine. Conversely, the client keystore contains the client private key and the server public key (certificate). These keys are used to enable secure message communication between the client and the server as well as between server and server. The keys are also used to encrypt and digitally sign the content of any envelope communicated between a local and remote server.

Obtaining a CA Signed Certificate

Purchase a certificate from a recognised Certificate Authority and proceed with the Section called Importing Public Keys (Certificates) into the Server Keystore for installing it.

Generating a Private and Public key (Certificate)

A private and public key can be generated using readily available tools such as the Java keytool utility with the generated keys stored in a keystore. Separate keystores must be created for the server and client. Different aliases must also be used for each key stored in the keystore.

See the Section called Keystore Setup and Examples for generating the keystore containing the private and public keys.

The keystore is secured with a configurable password. By default this password is changeit. Any configuration that uses a keystore to access certificates MUST have the correct password configured. Entering a different password when generating a key will require re-configuration of the connection interfaces as per the Section called FMS Messaging Configuration in the Chapter called Configuring FMS.

In addition to the keystore password, a separate password for the private key itself is required and will be prompted for. The default password is fmsrns. Changing this requires re-configuration of the interface configuration.

It is strongly advised that the default passwords be changed from the above. The affected configuration file is called ConnectionConfiguration.xml typically located in directory /etc/fms/ for the Linux distributions and in the FMS installation directory, typically Program Files\fms, for the Windows distributions.

Exporting a Public Key (Certificate)

The local server public key must be exported for importing into the remote keystore. The remote public key must be exported for importing into the local keystore.

See the Section called Keystore Setup and Examples for exporting the public keys.

Importing Public Keys (Certificates) into the Server Keystore

Obtain the client public key and remote server public key as per the Section called Exporting a Public Key (Certificate).

See the Section called Keystore Setup and Examples for importing the public keys into the server keystore.

Keystore Setup and Examples

The following Linux examples provide the necessary steps for setting up the keystores containing the private and public keys on both the local (producer) and remote (consumer) hosts. Prior to running these examples, ensure that the PATH environment variable is set to include the directory where the keytool executables reside. This is typically the same directory where the Java executable resides.

Note that, in this case, the keystore acts as the truststore for remote host certificates.

    # Generate the server keystore containing the server private and
    # public keys on the local server (producer).
    cd ~fms
    keytool -genkeypair -keyalg RSA -validity 365 -keystore certs \
      -storepass changeit -keypass fmsrns -alias fmsrns

    # Optionally generate the server keystore containing the server private and
    # public keys on the remote server (consumer).
    cd ~fms
    keytool -genkeypair -keyalg RSA -validity 365 -keystore certs \
      -storepass changeit -keypass fmsrns -alias fmsrns

    # Export the public key from the local server (producer) keystore.
    keytool -export -file producer.public.cer -keystore certs \
      -storepass changeit -alias fmsrns

    # Export the public key from the remote server (consumer) keystore.
    # Alternately obtain it from the system administrator on the remote server
    keytool -export -file consumer.public.cer -keystore certs \
      -storepass changeit -alias fmsrns

    # Import the remote server public key (consumer) into the local server keystore (producer)
    # after having obtained it from the remote server
    cd ~fms
    keytool -import -file consumer.public.cer -keystore certs \
      -storepass changeit -alias consumer_fmsrns

    # Import the local server public key (producer) into the remote server keystore (consumer)
    # after having provided it to the remote server
    cd ~fms
    keytool -import -file producer.public.cer -keystore certs \
      -storepass changeit -alias producer_fmsrns
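The producer-side commands above with the default passwords replaced, as an added example that is not from the FMS manual: passwords are read from environment variables rather than typed on the command line, and a helper reports a keystore that still opens with changeit. The function names, the FMS_STOREPASS and FMS_KEYPASS variables, the -dname value and -storetype JKS are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the FMS manual. Passwords are taken from the
# environment (-storepass:env / -keypass:env), so they do not appear in
# the command line that ps shows.
# Assumptions: the FMS_STOREPASS / FMS_KEYPASS variable names, the -dname
# value, and -storetype JKS (PKCS12 stores ignore a separate key password).

new_keystore() {            # $1 = keystore file, $2 = alias
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
        -storetype JKS -dname "CN=fms-producer.example" \
        -keystore "$1" -alias "$2" \
        -storepass:env FMS_STOREPASS -keypass:env FMS_KEYPASS
}

export_cert() {             # $1 = keystore file, $2 = alias, $3 = output file
    keytool -exportcert -keystore "$1" -alias "$2" -file "$3" \
        -storepass:env FMS_STOREPASS
}

# Exit status 0 means the keystore still opens with the documented default
# store password and should be re-created with a new one.
opens_with_default() {      # $1 = keystore file
    keytool -list -keystore "$1" -storepass changeit >/dev/null 2>&1
}

# Print a received certificate, including its fingerprints, so they can be
# compared with the sender over a separate channel before it is imported.
show_cert() {               # $1 = certificate file
    keytool -printcert -file "$1"
}

# Typical use on the producer, after sourcing this file:
#   stty -echo; read -r FMS_STOREPASS; read -r FMS_KEYPASS; stty echo
#   export FMS_STOREPASS FMS_KEYPASS
#   new_keystore certs fmsrns
#   export_cert certs fmsrns producer.public.cer
#   opens_with_default certs && echo "default store password still in use"
```

Whatever passwords are chosen must also be set in ConnectionConfiguration.xml, as described above.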

Database Installation and Configuration

Installing and configuring the database and creating the FMS database schema requires the necessary database administration permissions and skills. Also see the PostgreSQL documentation and in particular the Server Configuration and Client Authentication chapters.

UNIX or Linux PostgreSQL Installation

Ensure the PostgreSQL version 9.5 or later database server is installed. To verify the version query the software installation database for the PostgreSQL packages.

The following example illustrates querying an RPM based PostgreSQL database distribution.

    [root@localhost ~]# rpm -qa postgres*

The following example illustrates querying a Debian based PostgreSQL database distribution as used in Ubuntu.

    [root@localhost ~]# dpkg -l postgres*

Once PostgreSQL is installed, configure the database to allow TCP/IP connections by changing the listen_addresses entry in the postgresql.conf file as per the following example:

    listen_addresses = 'localhost,192.168.0.1'

where address 192.168.0.1 is the TCP/IP address of the computer connecting to the database.

Ensure that the entries for local connections are set to trust in pg_hba.conf; otherwise PostgreSQL will prompt for a password when connecting to database fms as user fms if the user fms does not also exist as a system user.

For unconditional user access without authentication, the entry in pg_hba.conf should take the following form, and PostgreSQL must be restarted:

    host sameuser all 127.0.0.1/32 trust

If password authentication across all users from any host is required, the entry should instead be as follows:

    host all all 0.0.0.0/0 md5

The above configuration change requires restarting PostgreSQL.
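A check for entries like the two above, as an added example that is not part of the FMS distribution: it parses pg_hba.conf and flags trust entries and entries that match every client address. The function name, the severity labels and the sample file (including the narrowed 192.168.0.1 entry) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the FMS distribution.
# audit_pg_hba FILE prints one "line:severity:finding" record per issue.
# Severity labels and wording are this example's own.
audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        # local entries have no address column; host entries use either
        # CIDR notation or a separate netmask field.
        if ($1 == "local")                     { addr = "unix-socket"; method = $4 }
        else if ($5 ~ /^[0-9]+\./ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
        else                                   { addr = $4; method = $5 }

        lo   = (addr == "unix-socket" || addr ~ /^127\./ || addr ~ /^::1\//)
        wide = (addr == "all" || addr ~ /^0\.0\.0\.0\/0/ || addr ~ /^::\/0/)

        if (method == "trust")
            print NR ":" (lo ? "WARN" : "HIGH") ":trust, no password for db=" $2 " user=" $3 " from " addr
        if (method == "password")
            print NR ":HIGH:password method sends the password in cleartext (" addr ")"
        if (method == "md5")
            print NR ":INFO:md5 from " addr ", scram-sha-256 is available from PostgreSQL 10"
        if (wide && method != "reject")
            print NR ":HIGH:" method " entry matches every client address (" addr ")"
    }' "$1"
}

# Constructed sample: the two entries from this page plus an assumed
# narrowed entry for the FMS host at 192.168.0.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
host    sameuser  all   127.0.0.1/32     trust
host    all       all   0.0.0.0/0        md5
host    fms       fms   192.168.0.1/32   md5
EOF
audit_pg_hba "$sample"
rm -f "$sample"
```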

Refer to the PostgreSQL documentation for further configuration details.

Once the PostgreSQL database server is configured and started, the database user which FMS uses to connect to the database must be created as follows.

First change to the default PostgreSQL user as follows:

    [root@localhost ~]# su - postgres

Create the FMS database user by executing the following command as user postgres. The password for the postgres user is not set by default. If set, obtain the password from the system administrator.

    # -d: may create databases (needed for createdb below)
    # -S: not a superuser; -R: may not create roles
    [postgres@localhost ~]# createuser -d -S -R fms

The above command creates a PostgreSQL user called fms with no superuser privileges and requiring no password.

Create the database as follows.

    [fms@localhost ~]$ createdb --owner fms fms

Execute the provided databaseCreation.sql script located in the fms/schema/postgresql/ directory to create the required database tables as follows:

    [fms@localhost ~]$ cd /home/fms/schema/postgres/
    [fms@localhost ~]$ psql --username fms --file databaseCreation.sql fms

Alternatively the fms.sql script may be used. This script is a wrapper that creates the user and database and then drops the FMS tables should these exist by including dropTables.sql. It then creates the tables in optional schemas by including databaseCreation.sql.

Feel free to make any adjustments to the SQL code in the scripts, including creating and using separate schemas as discussed in the Section called Advanced PostgreSQL Database Installation and Configuration.

Windows PostgreSQL Database Installation and Configuration

PostgreSQL natively supports the Windows operating systems. The following steps illustrate how to install and configure the PostgreSQL database server and set up the table schema used by FMS.

  1. Install the Windows PostgreSQL version 9.5 or later distribution available for free download at http://www.postgresql.org.

  2. Create an fms user and database using the pgAdmin utility. Ensure that the fms database is owned by the fms user.

  3. Create the fms data table schema as follows

    • Select the fms database, select OK if the Database Encoding window pops up, then open the SQL dialog by selecting the 'Execute arbitrary SQL queries' button.

    • In the SQL dialog click on the open button and select the fms.sql file in the '\Program Files\FMS\schema\postgres' directory.

      The fms.sql script is a wrapper that first drops the fms tables, should these exist, by including dropTables.sql, and then creates the tables by including databaseCreation.sql. Feel free to make any adjustments to the SQL code in the script, including creating and using separate schemas as discussed in the Section called Advanced PostgreSQL Database Installation and Configuration.

      Optionally select the databaseCreation.sql if creating the tables for the first time in the default schema.

    • Select the Execute Query button to execute the table creation script. Once completed a summary will be displayed below. If successful then close the SQL dialog.

      Modify the owner of the schema in which the fms tables are created to fms by right clicking on the schema and selecting properties. Then, if necessary, change the owner by selecting fms in the drop down list.

Advanced PostgreSQL Database Installation and Configuration

Advanced users may wish to install PostgreSQL on a separate machine from the FMS machine and may also wish to create separate database schemas for use with FMS. This is feasible but requires the necessary knowledge of PostgreSQL.

Remote PostgreSQL Database Installation

The database may be installed on a separate machine from the FMS machine. The only criteria are that the database machine is reachable by the FMS machine over a fast network connection and that the database on the remote machine is configured to accept connections from the machine hosting FMS. This is achieved by specifying the database host in the FMS database configuration.

Database Schemas

A database may optionally have multiple schemas created where a single database may be used for several trading partners but with a separate schema for each partner. Separate schemas may also be created on the same database for each interface. It is also possible to create a set of schemas for each company on a single database in the case of the enterprise version. Separate schemas may also be created for the production and test systems.

Details on creating database schemas are outside the scope of this manual but are well described in the PostgreSQL documentation.

FMS associates databases at the Interface level where an optional schema may be specified. If a schema is specified then it is essential to create the data table configuration for that schema. This may be done by simply editing the fms.sql database creation script and removing the comments from the lines prior to including the table drop (dropTables.sql) and creation (databaseCreation.sql) scripts.