Import third party SSL Certificate in ManageEngine Analytics Plus

This procedure is common to both editions of ManageEngine Analytics Plus - Professional Edition and Personal Edition.

In order to implement SSL, a web server must have an associated certificate for each external interface (IP address) that accepts secure connections.

Procedure for getting SSL Certificate for Tomcat webserver:

Following commands are to be executed from the command prompt in the directory <ME_Analytics_Plus_Home>\jre\bin>

1.  keytool -genkey -alias Analytics -keyalg RSA -keystore server.keystore

ManageEngine Analytics Plus file updates to be done if you use your own password.

If you use your own password then, you need to update it in the following files:

• <ME_Analytics_Plus_Home>/conf/server.xml (AnalyticsPlus 3600 and above)
  (AnalyticsPlus 3500 and below)

• <ME_Analytics_Plus_Home>/accounts/conf/server.xml 
  

• <ME_Analytics_Plus_Home>/reports/conf/server.xml 
  

Search for the word 'keystorePass'.  Replace the default password with your custom password.

Example of command execution, generating keystore file:

CN =mydomain

Enter your exact host and domain name that you wish to secure. Say, If you wish to secure http://www.mydomain.com/, then you will need to enter the exact host (www)and domain name (mydomain.com) in this field}.

If you enter mydomain.com then the certificate issued to you will only work error free on https://mydomain.com/ 

OU(Organization Unit)=MSP,  O(Organization) = My organization, L(Location) = Los Angles, S(State) = CA, C(Country) = US.

Again it will ask for a password give the same password you gave previously <keystore password>

2. keytool -certreq -keyalg RSA -alias Analytics -file certreq.csr -keystore server.keystore

    (Preserve this server.keystore in this directory itself. Don't  delete this file since this will be used for import in the subsequent steps) 

A "certreq.csr" file will be created in the <ME_Analytics_Plus_Home>\jre\bin directory.

3. Submit the certreq.csr file to the CA and get the certificate file from the Certificate Authority(CA) for web server "tomcat".

Note: CA should be providing you with a Domain Certificate, Intermediate Certificate and a Root Certificate.  Domain Certificate is identical to your domain, While Root and Intermediate Certificates are generic in nature and in most cases can also be downloaded from your CA's Website.

4. keytool -import -alias root -keystore server.keystore -trustcacerts -file <filename_of_the_chain_certificate>

    [Chain or root Certificate file, that would be given by CA].

5. keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file <filename_of_the_intermediate_certificate> 

    [Intermediate Certificate file (if any), that would be given by CA].

6. keytool -import -alias Analytics -keystore server.keystore -trustcacerts -file <your_certificate_filename>

    [Certificate file sent by CA to you specifically for your domain]

7. Copy the server.keystore file in the <ME_Analytics_Plus_Home>\jre\bin directory to the following directories:

• <ME_Analytics_Plus_Home>\Reports\conf
  

• <ME_Analytics_Plus_Home>\accounts\conf
  

• <ME_Analytics_Plus_Home>\conf  (AnalyticsPlus 3600 and above)

8. Restart the ManageEngine Analytics Plus server.

Vendor specific procedure to be referred in case the steps differ based on the certificate file type provided by CA.

Comodo:

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/638/37/certificate-installation-java-based-web-servers-tomcat-using-keytool

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/0/

Digicert:

https://www.digicert.com/ssl-certificate-installation-tomcat.htm

RapidSSL:

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actpl=CROSSLINK&id=SO16220

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO16221