Configuring SSL certification
- Enable SSL certification in the GUI:
- Log in to EventLog Analyzer as an administrator.
- Go to Settings > System Settings > Connection Settings > General Settings.
- Enable SSL [HTTPS] and enter the desired web port number. The default web port used is 8445. You can also enable keystore password encryption here.
- Set the Session Expiry Time, and save the changes.
- Restart EventLog Analyzer to complete the process.
- Create a keystore file:
- Open the command prompt with admin privileges.
- In the cmd window, navigate to the following path: <dir>:\ManageEngine\EventlogAnalyzer\jre\bin folder.
- Execute the command: keytool -genkey -alias tomcat -keypass password -keyalg RSA -validity 1000 -keystore zoho.keystore
- You will be asked to create a password for the keystore. Generate a password of your choice and confirm it.
- Once the password is successfully generated, answer the following questions in the prompt:
- First and last name: The fully qualified domain name of the server
- Organizational unit: Department name (typically IT)
- Organization: Company name
- City: City name as per the registered company address
- State: State as per the registered company address
- Country code: Abbreviated two-letter country code (i.e., US, IN, or CA)
- Upon confirming the details, the ssl.keystore file will be created in the following file path: <dir>:\ManageEngine\Eventlog\jre\bin
3. Create a certificate signing request (CSR) based on the keystore:
- Open the command prompt with admin privileges.
- Navigate to <dir>:\ManageEngine\EventlogAnalyzer\jre\bin
- Execute either of the commands below according to your requirements:
- The following command creates a CSR file.
keytool -certreq -alias tomcat -keyalg RSA -keystore <domainName>.keystore -file <domainName>.csr
- The following command creates a CSR file with a Subject Alternative Name.
keytool -certreq -alias tomcat -keyalg RSA -ext
SAN=dns:server_name,dns:server_name.domain.com,dns:server_name.domain1.com -keystore
<domainName>.keystore -file <domainName>.csr
d. Now, enter the keystore password generated during Step 2. A new file, <domainName>.csr, will be created in the same location. You will have two files now: <domainName>.keystore and <domainName>.csr.
4. The certificate issuance process for an internal certificate authority (CA) from Microsoft Certificate Services:
- Connect to Microsoft Certificate Services and click Request a certificate.
- Select Advanced Certificate Request and submit a certificate request by using either of the following:
- A base-64-encoded CMC or PKCS #10 file
- A base-64-encoded PKCS #7 file for a renewal request
- Open the CSR file using an editor, copy the contents of the file, and paste it under Saved Request.
- Select Web Server as the Certificate Template, and click Submit.
- The certificate will be issued. Click the Download certificate chain link to download PKCS #7 Certificates.
- Copy and paste the certificate file to the <dir>:\ManageEngine\EventLog Analyzer\jre\bin folder.
- Click Home in the top-right corner, and click the Download a CA certificate, chain certificate, or CRL link.
- You can save the root certificate by clicking the Download CA certificate link.
- Open the command prompt and navigate to <dir>:\ManageEngine\EventLog Analyzer\jre\bin.
- Execute the query below to import the internal CA certificate into the .keystore file.
Keytool –import –trustcacerts –alias tomcat –file certnew.p7b –keystore <keystore_name >.keystore
m. Execute the query below to add the internal CA root certificate to the trusted CA list of Java cacerts files.
keytool -import -alias <internal CA_name> -keystore ..\lib\security\cacerts -file certnew.cer
Note: Open certnew.cer to get the internal CA name, and use changeit as the password when prompted.
5. Associate the keystore certificate with EventLog Analyzer:
- Copy the <domainName>.keystore file from <dir>:\ManageEngine\EventLog Analyzer\jre\bin to <dir>:\ManageEngine\EventLog Analyzer\conf.
- Make a backup of the server.xml and web.xml files.
- Open the command prompt with admin privileges.
- Navigate to <dir>:\ManageEngine\EventLog Analyzer\conf and execute write server.xml.
- Replace the value of keystoreFile with "./conf/<domainName>.keystore" at the last connector tag located at the end of page.
- Replace the password for keystorePass with the password as given while creating the keystore.
- Save the server.xml file, restart EventLog Analyzer, and access the application.
6. Certificate issuance process for an external CA:
- To bind certificates from GoDaddy, Verisign, Comdo, Entrust, or Thawte with a keystore, please refer to the SSL certification guide.
New to ADSelfService Plus?
Related Articles
How to enforce HTTPS by applying an SSL certificate in EventLog Analyzer
Objective Learn how to enforce secure communication with EventLog Analyzer by configuring HTTPS. This is done by applying an SSL certificate and disabling HTTP access. HTTPS ensures encrypted data exchanges and aligns with security hardening best ...
How to resolve missing padlock symbol after applying a self-signed SSL certificate in EventLog Analyzer
Objective After applying an SSL certificate in EventLog Analyzer, users may still see a Not Secure warning in the browser and notice that the padlock symbol is missing. This typically occurs when the applied certificate is self-signed or not issued ...
Configuring event sources
Follow the step-by-step procedure below to configure event sources in EventLog Analyzer. To start with, ensure that the following ports and protocols are available for configuring the event source. Port 139 and 445: SMB and Remcom protocols 135, 137, ...
Unable to configure Mail Server in Eventlog Analyzer
Issue description This issue occurs when EventLog Analyzer is unable to send notification emails or one-time password (OTP) emails. This may happen due to several reasons, such as incorrect email server configurations, network issues, or ...
Applying a PFX certificate
Enable SSL in the GUI: Log in to EventLog Analyzer as an administrator. Go to Settings > System Settings > Connection Settings > General Settings. Enable SSL [HTTPS] and enter the desired web port number. The default web port used is 8445. Stop ...