1. Open the command prompt with admin privileges.
   
2. In the cmd window, navigate to the following path: <dir>:\ManageEngine\EventlogAnalyzer\jre\bin folder.
   
3. Execute the command: keytool -genkey -alias tomcat -keypass password -keyalg RSA -validity 1000 -keystore zoho.keystore
   
4. You will be asked to create a password for the keystore. Generate a password of your choice and confirm it.
   
5. Once the password is successfully generated, answer the following questions in the prompt:
   
1. First and last name: The fully qualified domain name of the server
   
2. Organizational unit: Department name (typically IT)
   
3. Organization: Company name
   
4. City: City name as per the registered company address
   
5. State: State as per the registered company address
   
6. Country code: Abbreviated two-letter country code (i.e., US, IN, or CA)
   
6. Upon confirming the details, the ssl.keystore file will be created in the following file path: <dir>:\ManageEngine\Eventlog\jre\bin
   

3. Create a certificate signing request (CSR) based on the keystore:

1. Open the command prompt with admin privileges.
   
2. Navigate to <dir>:\ManageEngine\EventlogAnalyzer\jre\bin
   
3. Execute either of the commands below according to your requirements:
   
1. The following command creates a CSR file.
   

keytool -certreq -alias tomcat -keyalg RSA -keystore <domainName>.keystore -file <domainName>.csr 

1. The following command creates a CSR file with a Subject Alternative Name.
   

keytool -certreq -alias tomcat -keyalg RSA -ext

SAN=dns:server_name,dns:server_name.domain.com,dns:server_name.domain1.com -keystore

<domainName>.keystore -file <domainName>.csr 

d. Now, enter the keystore password generated during Step 2. A new file, <domainName>.csr, will be created in the same location. You will have two files now: <domainName>.keystore and <domainName>.csr.

4. The certificate issuance process for an internal certificate authority (CA) from Microsoft Certificate Services:

1. Connect to Microsoft Certificate Services and click Request a certificate.
   
2. Select Advanced Certificate Request and submit a certificate request by using either of the following:
   
1. A base-64-encoded CMC or PKCS #10 file
   
2. A base-64-encoded PKCS #7 file for a renewal request
   
3. Open the CSR file using an editor, copy the contents of the file, and paste it under Saved Request.
   
4. Select Web Server as the Certificate Template, and click Submit.
   
5. The certificate will be issued. Click the Download certificate chain link to download PKCS #7 Certificates.
   
6. Copy and paste the certificate file to the <dir>:\ManageEngine\EventLog Analyzer\jre\bin folder.
   
7. Click Home in the top-right corner, and click the Download a CA certificate, chain certificate, or CRL link.
   
8. You can save the root certificate by clicking the Download CA certificate link.
   
9. Open the command prompt and navigate to <dir>:\ManageEngine\EventLog Analyzer\jre\bin.
   
10. Execute the query below to import the internal CA certificate into the .keystore file.

Keytool –import –trustcacerts –alias tomcat –file certnew.p7b –keystore <keystore_name >.keystore

     m. Execute the query below to add the internal CA root certificate to the trusted CA list of Java cacerts files.

keytool -import -alias <internal CA_name> -keystore ..\lib\security\cacerts -file certnew.cer

Note: Open certnew.cer to get the internal CA name, and use changeit as the password when prompted.

5. Associate the keystore certificate with EventLog Analyzer:

1. Copy the <domainName>.keystore file from <dir>:\ManageEngine\EventLog Analyzer\jre\bin to <dir>:\ManageEngine\EventLog Analyzer\conf.
   
2. Make a backup of the server.xml and web.xml files.
   
3. Open the command prompt with admin privileges.
   
4. Navigate to <dir>:\ManageEngine\EventLog Analyzer\conf and execute write server.xml.
   
5. Replace the value of keystoreFile with "./conf/<domainName>.keystore" at the last connector tag located at the end of page.
   
6. Replace the password for keystorePass with the password as given while creating the keystore.
   
7. Save the server.xml file, restart EventLog Analyzer, and access the application.

6. Certificate issuance process for an external CA:

1. To bind certificates from GoDaddy, Verisign, Comdo, Entrust, or Thawte with a keystore, please refer to the SSL certification guide.