SSL Certificate Issues

SSL Certificate Issues

Hey, community!
I'm having some troubles with getting SSL to work happily with ServiceDesk Plus. With Microsoft deprecating basic authentication for Exchange Online, and OAuth requiring SD+ to be in HTTPS mode, this is a brand new problem (we host on-premises, and it's only available on our internal LAN, so a lack of SSL has not been an issue until now).

I've fumbled my way through the eldritch horror of using the java/tomcat command line tools (between ManageEngine's instructions, and some other instructions for other eldritch horror apps built on java/tomcat) to make a cert request, shoved it through our internal Active Directory cert authority, and got the actual cert.

Unfortunately, my second delve into the arcane isn't as fruitful.

Problem one: I don't entirely understand what the deal is for all of the different certificate installs using keytool for root certs and intermediates and aliases and all that. I just have the one cert that needs to be applied to the website.

Problem two: The instructions indicate:
Finally, update the name of the keystore and the password, you gave in Step 1, while generating sdp.keystore  in the file server.xml present under <ServiceDeskPlus-MSP_Home>\server\default\deploy\jbossweb-tomcat50.sar
And that file/directory doesn't even exist on my server. C:\ManageEngine\ServiceDesk\conf\ exists, which is similar but I can’t find a “default” folder anywhere. I cobbled it the best I could by slapping down the keystore file everywhere it looked relevant, and editing all of the server.xml files I could find, but that didn't seem to make the certificate take effect upon a restart of the service.

As a last resort, I took what looks like should be the first, default, and most common option: I just tried to import it with the GUI on the settings page.
I got this error:
Of course the simple looking option presented to me in an obvious way didn't work.
At this point I don't have a clue what to do or how to do it, and I really don't want to subconsciously train my users to click "ignore this security issue".

I can get approval to buy a certificate, if I need to, but it seems like the issue isn't the source of the certificate, just the whole keystore and cert configuration being totally broken.

Anyone have any ideas? I'm almost out of hope, and long since out of coffee.

      New to ADSelfService Plus?


                Related Products