Applying an SSL Certificate (.cer\.crt format)
Please Note: These are general guidelines, It is always advised to refer the instructions published by respective CAs to import SSL certificate into tomcat server.
Some CA will provide the certificates with an extension .p7b. In such a case you can double click on this file to open a console which will list all the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files.
These certs can then be installed onto the keystore file using the instructions given in the below steps.
1. To export the certificate,
2. Find domain.P7B.
3. Right click on the certificate and select All Tasks -> Export option.
4. The Certificate Export Wizard dialog pops up. Click Next button to proceed.
5. Select the export file format as Base-64 encoded X.509 (.cer). Click Next.
6. Specify the name of the file you want to export. Click Next.
7. The certificate export wizard is completed successfully, click "Finish" the a success message appears in a dialog box, click "OK".
Please find below the commands you need to use to install certificates.
NOTE: These instructions might change depending on the Certificates issued by the CA.
.cer file type
keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer
keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer
keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer
.crt file type
keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt
keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt
keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt
After completing the above steps based on the certificate type, replace the server.keystore under <Analyitcs home>\conf and update the certificate password in <Analytics home>\conf\server.xml
Note: take a copy of server.keystore and server.xml under <Analytics home>\conf prior making any changes
New to ADSelfService Plus?
Related Articles
Applying an SSL Certificate (Wildcard - PFX)
Please Note: These are general guidelines, It is always advised to refer the instructions published by respective CAs to import SSL certificate into tomcat server. Importing WildCard SSL certificate (PFX format) Please follow the below steps: 1. ...Unable to integrate ServiceDesk Plus with Analytics Plus after applying SSL
Note: This problem occurs only with self signed certificates in Analytics Plus. Issue: [10:23:16:526]|[09-05-2016]|[SYSERR]|[INFO]|[68]|: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: ...Unable to integrate SDP MSP with Analytics Plus after applying SSL
Note: This problem occurs only with self signed certificates in Analytics Plus. Issue: [10:23:16:526]|[09-05-2020]|[SYSERR]|[INFO]|[68]|: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: ...Creating .keystore and .csr for generating new SSL certificate
Import third party SSL Certificate in ManageEngine Analytics Plus In order to implement SSL, a web server must have an associated certificate for each external interface (IP address) that accepts secure connections. Procedure for creating a csr - ...SSL issue with Prometheus
Fix to skip the SSL validation in prometheus