Solution to Licensing Problems with Cloud License Service (CLS)

Rate this Article

February 8, 2025

Last modified: 02/11/2025, 10:01 pm

Knowledge Base Article Advisory Troubleshooting Announcement Warning

Issue Description:

Customers are having licensing problems with Cloud License Service (CLS).

Cause:

Your OS Trusted Root Certificate Authorities have not been updated.

Why You Need to Install a New Certificate:

This is an ongoing effort to ensure your systems are secured.
A good background article can be found here: DigiCert: Expiring public root and intermediate CA certificates

Resolution:

You need to install the new certificate ("Amazon Root CA 1-4") on your OS.
If you need any help on updating your certificate, please raise a support case at https://anyware.hp.com.

Is Updating Your Operating System not an Option?

Amazon CA Root 1-4 are in fact part of the Microsoft Trusted Root Program: https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/
Therefore, updating your operating systems (Windows, Linux, macOS) is the quickest way to update your OS' Trusted Root Authorities Store and resolve this issue.

We only recommend to manually install the root CA as in the following, if updating your OS is not an option or it does not fix the issue.

Windows

Download the Amazon Root CA: amz-all-compliance.flexnetoperations.com.crt
Please note that, downloading the certificate file may generate a warning on Windows.

Option-1 Install the certificate using Windows GUI:

In the Certificate window, click Install Certificate
Choose Local Machine (for all users) or Current User (just for yourself) and click Next
Select Automatically select store based on the certificate type and click Next, then Finish
Click OK to confirm the installation
Go to Start Menu -> "Manage Computer Certificates", ensure that the Amazon Root CA 1-4 are installed as in the following screenshot.

Option-2 Command-line installation:

NOTE: this would install all latest certificates for Windows OS to your certificate store - consult your IT administrator as this requires admin privilege.

Open Command Prompt with an elevation (admin) privilege
Run: "certutil.exe -generateSSTFromWU roots.sst"
Run: "certutil.exe -addstore root roots.sst"
Go to Start Menu -> "Manage Computer Certificates", ensure that the Amazon Root CA 1-4 is installed as in the above screenshot

Note: if after installing, the cert is not in the above folder, you can manually move the crt file to the above folder.

Linux - RHEL/Rocky

Download the Amazon Root CA: amz-all-compliance.flexnetoperations.com.crt
Move the downloaded CA file to /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
Run the following to ensure /etc/ssl/certs has the Amazon_Root_CA_*.pem (1-4):
- openssl x509 -in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -text -noout

Linux - Ubuntu

sudo apt install ca-certificates
sudo update-ca-certificates
Run the following to ensure /etc/ssl/certs has the Amazon_Root_CA_*.pem (1-4):
- ls -lha /etc/ssl/certs | grep Amazon_Root_CA

macOS

Install the latest OS updates from Apple.