Welcome to Portal

?Unknown\pull-down

Welcome to Zoho Cares

Bienvenido a Soporte de Zoho

Search our knowledge base, ask the community or submit a request.

Applying an SSL Certificate (Wildcard)

Please Note: These are general guidelines,  It is always advised to refer the instructions published by respective CAs to import SSL certificate into tomcat server. 


Importing WildCard SSL certificate (PEM format)

-----------------------------------------------------------

Step 1 Updating Keystore

            Following commands are to be executed from the command prompt in the directory <ME_Analytics_Plus_Home>\jre\bin>

Input Fully Qualified Domain Name details to ManageEngine AnalyticsPlus Keystore.

keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore

Enter the password as 'accounts' (do not change this)

If you use your own password, you need to update it in the following files after the keyword keystorePass

<ManageEngine AnalyticsPlus>/conf/server.xml 

Fill in the details and Note : The first prompt asking for name denotes CN, so mention your domain name

To delete an entry use

keytool -delete -alias analytics -keystore server.keystore

Step 2 Import CA into keystore

keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>

Place the .pem and .key file under this folder of OpenSSL (C:\Program Files (x86)\GnuWin32in)

If OpenSSL is not installed, please install to proceed

Using Command Prompt, go to OpenSSL installation folder location (Ex: C:Program Files (x86)GnuWin32\bin)

Execute the below command (mydomain.com --> is the actual domain url that is to be used)

openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out  ./mydomain.com.p12

Copy the mydomain.com.p12 from the location C:\Program Files (x86)\GnuWin32\bin and place it under ManageEngine AnalyticsPlus\jre\bin

Execute the command using the command prompt,

keytool -importkeystore -srckeystore ./mydomain.com.p12 -srcstoretype PKCS12 -destkeystore server.keystore


Step 3 Updating the changes in all modules

- Stop all ManageEngine AnalyticsPlus services.


- Replacing the existing server.keystores'


      - Please copy the server.keystore file in the <ManageEngine AnalyticsPlus>\jre\bin directory to the following locations

            ManageEngine AnalyticsPlus\conf  

- Start all ManageEngine AnalyticsPlus services.


Importing a PFX format

----------------------------

Copy the pfx file (name.pfx) in the following locations and open the file 'server.xml' from the same following locations in a word pad.

Note: Please take a copy of the server.xml as a backup before making changes

Please copy the pfx file in the following locations

C:\ManageEngine\AnalyticsPlus\conf

Locate the below entries in the server.xml file.

keystorePass="accounts" keystoreFile="conf/server.keystore" 

Please replace the file name server.keystore with the pfx file name (name.pfx) and enter the keystoreType="pkcs12" after the file name. Also replace the keystorePass value 'accounts' with the password for the .pfx file.

The entries should look like this,

keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"

Restart AnalyticsPlus services


Install a .P7b Certificate

-----------------------------

Some CA will provide the certificates with an extension .p7b. In such a case you can double click on this file to open a console which will list all the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files. 

These certs can then be installed onto the keystore file using the instructions given in Step 3.

To export the certificate,

  • Find domain.P7B.


  • Right click on the certificate and select All Tasks -> Export option.


  • The Certificate Export Wizard dialog pops up. Click Next button to proceed.


  • Select the export file format as Base-64 encoded X.509 (.cer). Click Next.


  • Specify the name of the file you want to export. Click Next.


  • The certificate export wizard is completed successfully. You can check for the settings you have specified. Click Finish.


  • A success message appears in a dialog box. Click OK.


Commands to install certificates of some common vendors

Please find below the commands you need to use to install certificates of some common vendors.

NOTE: These instructions might change depending on the Certificates issued by the CA.

GoDaddy

If your CA is "GoDaddy", then the steps to follow will be:

 

keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt

keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt

keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt

keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt

 

 

Verisign

If your CA is "Verisign", then the steps to follow will be:

keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer

keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer

keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer

 

 

Comodo

If your CA is "Comodo", then the steps to follow will be:

 

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore

keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore

keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore

keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore

keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore



Helpful?11
Updated: 4 years ago
Share :