When attempting to integrate ADManager Plus with ServiceDesk Plus on-prem, users encounter the following errors:
ADManager Plus integration failed.
Unexpected end of file from server.
These errors often indicate an issue with the SSL certificate trust stores either in ServiceDesk Plus or ADManager Plus when running in HTTPS mode. The trust stores of each application must contain the appropriate SSL certificate components to ensure secure communication.
Before proceeding with the resolution steps, ensure the following:
Administrative access to the server and web console of both ADManager Plus and ServiceDesk Plus.
SSL certificate configured in ADManager Plus and ServiceDesk Plus (preferred format .pfx, .crt, .cer, .p12).
If ServiceDesk Plus is running in HTTPS, its SSL certificate must be imported into ADManager Plus' trust store (ADManager Plus\jre\lib\security\cacerts).
If the certificate is in .pfx format:
Right-click the .pfx certificate and select Install Certificate.
Choose Trusted Root Certificate Authorities as the target store.
Complete the installation.
Open the Certificate Management console (mmc.exe) from the Windows search.
Navigate to Trusted Root Certificate Authorities > Certificates.
Locate the certificate based on the Issued To column (e.g., *.domain.com).
Right-click the certificate > All Tasks > Export.
When prompted, enter the password for the .pfx certificate.
Select DER encoded binary X.509 (.CER) format and export it as sdp-ssl-cert-1.cer.
Copy sdp-ssl-cert-1.cer to ADManager Plus\jre\bin.
Open the Command Prompt as Administrator and navigate to ADManager Plus\jre\bin.
Run the command keytool -import -trustcacerts -alias sdp_ssl_cert -file sdp-ssl-cert-1.cer -keystore ..\lib\security\cacerts.
When prompted for a password, enter changeit.
Confirm by typing yes when asked to trust the certificate.
Restart the ADManager Plus service for the changes to take effect.
If ADManager Plus is running in HTTPS, its SSL certificate must be imported into ServiceDesk Plus’ trust store (ServiceDesk Plus\jre\lib\security\cacerts).
Follow the same procedure as given in step 1 of case 1, but export the certificate as admp-ssl-cert-1.cer.
Open the Command Prompt as Administrator and navigate to ServiceDesk Plus\jre\bin.
Run the command keytool -import -trustcacerts -alias admp_ssl_cert -file admp-ssl-cert-1.cer -keystore ..\lib\security\cacerts.
When prompted for a password, enter changeit.
Confirm by typing yes when asked to trust the certificate.
Restart the ServiceDesk Plus service for the changes to take effect.
Verify SSL certificates: Use the following command to list certificates in the keystore:
keytool -list -keystore ..\lib\security\cacerts
Password changeit.
Check certificate expiry: Run the command openssl x509 -enddate -noout -in certificate.cer to check the expiration date of a certificate.
Debug connection issues: If errors persist, enable SSL debugging by adding the following JVM argument:
-Djavax.net.debug=all
This helps diagnose handshake failures and certificate mismatch.
Update Java keystore: If changeit does not work, ensure the correct Java version is used and check for multiple Java installations.