Importing Wildcard SSL certificate (PEM format)

The following commands are to be executed from the command prompt in the directory <Zoho_Analytics_Home>\jre\bin>. 

• Input the Fully Qualified Domain Name details to the Zoho Analytics Keystore.

keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore

• Enter the password as 'accounts'. If you use your own password, please update the same after the keyword keystorePass in the following files.

  • <Zoho_Analytics>/conf/server.xml

Note: The initial prompt asking for name denotes the common name, so enter your domain name.

To delete an entry, use the following command.

• keytool -delete -alias analytics -keystore server.keystore

• Execute the following command:

keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>

• Place the .pem and .key files under the <C:\Program Files (x86)\GnuWin32in> of OpenSSL. In case OpenSSL is not installed, please install the same to proceed.

• Using command prompt, navigate to the OpenSSL installation folder location. (For example, <C:Program Files (x86)GnuWin32\bin>)

• Execute the following command:

openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out  ./mydomain.com.p12

​where, mydomain.com is the actual domain url that is to be used.

• Copy the mydomain.com.p12 from this location <C:\Program Files (x86)\GnuWin32\bin>, and place it under <Zoho_Analytics\jre\bin>

• Execute the following command using command prompt:

keytool -importkeystore -srckeystore ./mydomain.com.p12 -srcstoretype PKCS12 -destkeystore server.keystore

• Stop the Zoho Analytics server.

• Replacing the existing server.keystores. Copy the server.keystore file found in the <Zoho_Analytics\jre\bin> directory to the following location:

  • <Zoho_Analytics>\conf 

• Restart the Zoho Analytics server.

Importing a PFX format

• Copy the pfx file (name.pfx) from the following location, and open the 'server.xml' file from the same location in a word pad. (Please take a backup of the server.xml file before making any changes.) 

  • C:\Zoho\Analytics\conf

• Locate the following entries in the server.xml file:

  • keystorePass="accounts" keystoreFile="conf/server.keystore" 

• Replace the file name server.keystore with the pfx file name (name.pfx), and enter the keystoreType="pkcs12" after the file name. Additionally, replace the keystorePass value 'accounts' with the password for the .pfx file. The entries should look like this:

  • keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"

• Restart Zoho Analytics.

Installing a .P7b Certificate

Some Certificate Authorities will provide certificates with a .p7b extension. In such cases, double click the file to open a console that lists the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files. These certificates can then be installed into the keystore file using the steps found here. 

To export the certificate,

• Find the domain.P7B. Right click on the certificate, navigate to All Tasks and select the Export option.

• The Certificate Export Wizard dialog appears. Select the export file format as Base-64 encoded X.509 (.cer), and click Next.

• Specify the name of the file you wish to export, and click Next.

• On successful export, verify the specified settings and click Finish. 

Installing certificates of common vendors

The following are the commands required to install a few common vendors' certificates. These instructions may vary based on the certificates issued by the Certificate Authorities. 

Follow the steps below if GoDaddy is your Certificate Authority.

• keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt

• keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt

• keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt

• keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt

Follow the steps below if Verisign is your Certificate Authority.

• keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer

• keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer

• keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer

Follow the steps below if Comodo is your Certificate Authority.

• keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore

• keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore

• keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore

• keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore

• keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore