This article will guide you through the process of applying a single-domain certificate (CER, CRT, P7B, etc.) in ADSelfService Plus.
Step 1: Enable HTTPS in ADSelfService Plus
- Log in to ADSelfService Plus with admin credentials.
- Navigate to Admin → Product Settings → Connection.
- Check the Enable SSL Port [https] box
- Click Save.
Step 2: Generate CSR
Note: If you already have an SSL certificate, skip to Step 4.
1. Click the SSL Certification Tool button.
2. Click Generate Certificate and fill in all the necessary fields. Refer to the table below:
|Common name||The name of the server in which ADSelfService Plus is running.|
|SAN Name||The names of the additional hosts (sites, IP addresses, etc.) to be protected by the SSL certificate.|
|Organizational Unit||The department name that you want to appear in the certificate.|
|Organization||The legal name of your organization.|
|City||The city name as provided in your organization’s registered address.|
|State/Province||The state/province as provided in your organization’s registered address.|
|Country Code||The two-letter code of the country in which your organization is located.|
|Password||A password must be at least six characters. The more complex the password, the better the security.|
|Validity (In days)||The number of days the certificate should be valid. If no value is provided, it will be set to 90 days.|
|Public Key Length (In bits)||The public key length. The larger the size, the stronger the key. The default size is 1024 bits and can be incremented only in multiples of 64.|
3. Once you’ve entered all the details, click the Generate CSR
Step 3: Submit the generated CSR file to your Certification Authority
- When you click the Generate CSR button, two files—SelfService.csr and SelfService.keystore—will be generated.
- You can locate the SelfService.csr file in <Installation_directory>\webapps\adssp\certificates folder and the SelfService.keystore file in <Installation_directory>\jre\bin folder.
- Submit the SelfService.csr file to your Certification Authority (CA).
Step 4: Bind the CA-signed certificates with ADSelfService Plus
- Select the Apply Certificate option.
- Click Browse to upload the certificate.
- In the Certificate Password field, enter the password of the uploaded certificate.
- Click Apply.
Note: The Endpoint MFA feature will be accessible after installing the SSL certificates only if the Protocol option has been set to HTTPS under Configure Access URL (Admin > Customize > Product Settings > Connection > Connection Settings > Configure Access URL).
- Steps to convert a certificate file in CER, CRT, or PEM format to P7B format:
i. Double-click on the certificate file to open it in the Certificate window.
ii. Select Details and click Copy to File
iii. Click Next in the Certificate Export Wizard that opens.
iv. Select the Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) option, and check the Include all certificates in the certification path if possible box.
v. Click Browse to select a destination to store the file and enter the File name.
vi. Review the information, and click Finish.
2. Preferred cipher for improved security in ADSelfService Plus: