Creating .keystore and .csr for generating new SSL certificate

Creating .keystore and .csr for generating new SSL certificate

Import third party SSL Certificate in ManageEngine Analytics Plus

In order to implement SSL, a web server must have an associated certificate for each external interface (IP address) that accepts secure connections.


Procedure for creating a csr - Using Subject Alternative Names:

Following commands are to be executed from the command prompt in the directory <ME_Analytics_Plus_Home>\jre\bin>

1. Creation of keystore file


keytool -genkey -alias <your alias> -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore server.keystore


(for Multi-Domain (SAN) Certificates use: keytool -genkey -alias <your alias> -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore server.keystore -ext san=dns:<your alias>)

If you use your own password then, you need to update the password in the following file <AnalyticsPlus home>/conf/server.xml

Example of command execution, generating keystore file:

CN =mydomain (eg: bi.analytics.com)

Enter your exact host and domain name that you wish to secure. Say, If you wish to secure http://www.mydomain.com/, then you will need to enter the exact host (www)and domain name (mydomain.com) in this field}.

If you enter mydomain.com then the certificate issued to you will only work error free on https://mydomain.com/ 

OU(Organization Unit)=MSP,  O(Organization) = My organization, L(Location) = Los Angles, S(State) = CA, C(Country) = US.

Again it will ask for a password give the same password you gave previously <keystore password>


2. Creation of CSR file


keytool -certreq -alias <your alias> -sigalg SHA256withRSA -file server.csr -keystore server.keystore


(for Multi-Domain (SAN) Certificates: keytool -certreq -alias <your alias> -sigalg SHA256withRSA -file server.csr -keystore server.keystore  -ext san=dns:<your alias>)

Reference: Video available in the attachment


Note: after creating the .csr file, use it to generate the SSL cert

                  New to ADSelfService Plus?