How to install SSL certificates for RecoveryManager Plus

How to install SSL certificates for RecoveryManager Plus

RecoveryManager Plus supports an SSL connection to ensure the security of data transferred between the browser and the product server. Protecting data transferred during remote access requires a secure connection between the web browser and the RecoveryManager Plus server.  Connections between the RecoveryManager Plus server and end-user machines, VPNs, and cloud applications must also be secured. For these, you must enable the HTTP/HTTPS option under the Connection settings and install an SSL certificate in RecoveryManager Plus. 

The process consists of three steps:

  1. Enable HTTPs in RecoveryManager Plus.
  1. Generate a CSR file and apply the certificate
  1. To apply an existing SSL certificate


Configuration steps

Step 1: Enable HTTP/HTTPS in RecoveryManager Plus

  1. Login to RecoveryManager Plus with admin credentials.
  2. Navigate to the Admin tab > General SettingsProduct SettingsConnection Settings.
  3. Choose your connection type. You can choose either HTTP or HTTPS.
  4. Specify the port number of your choice after choosing the connection type. (Default ports for RecoveryManager Plus are HTTP: 8090, HTTPS: 8558).
  5. Click Save.

 

Step 2: Generate a CSR and apply the certificate

Note: If you already have an SSL certificate, skip to Step 3.

  1. Click the SSL Certificate Tool option.
  2. Check Keystore Password that appears when you select HTTPS and enter the keystore password.
  3. Click the Advanced option to use and specify the TLS versions and cipher suites of your choice.
  1. In the TLS drop-down menu, select the TLS versions you want.
  2. You can also select the cipher suites you want to use in the cipher field. 
  3. We support the following cipher suites:
  1. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  2. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  3. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  4. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  5. TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
  6. TLS_RSA_WITH_AES_128_CBC_SHA256
  7. TLS_RSA_WITH_AES_256_CBC_SHA256
  1. You can also specify the cipher suites you want to use in the Ciphers field.
  2. Select the domain for which you wish to enable LDAP SSL from the Enable LDAP SSL for drop-down menu. 

  1. Select the desired Session Expiry Time from the options in the drop-down menu.
  2. Check the Help us improve the product by sending anonymous usage statistics option to allow us collect information to help us develop exciting new features for RecoveryManager Plus.
  3. Select Enforce GDPR Compliance to mask sensitive information from being displayed in the UI and to protect your database backups with a password.
  4. Click Save.

 

Note: For the changes made under Connection Settings to take effect, you must restart the RecoveryManager Plus.

 

  1. If you don’t have an SSL certificate, select the Generate Certificate option and fill in all the necessary fields as given in the below table.

 

Common Name

The name of the server in which RecoveryManager Plus is running.

SAN Names

The names of the additional hosts (sites, IP addresses, etc.) to be protected by the SSL certificate. 

Organizational Unit

The name of the department that you want to display in the certificate.

Organization

The legal name of your organization. 

City

The city name as provided in your organization’s registered address.

State/Province

The state or province as provided in your organization’s registered address.

Country Code

The two-letter code of the country in which your organization is located.

Password

A password that consists of at least six characters to secure the keystore.

Validity (In Days)

The number of days for which the SSL certificate will be considered valid; if no value is provided, it will be set to 90 days. 

Public Key Length (In Bits)

The public key length. The default value is 2,048 bits and its value can only be incremented in multiples of 64.

 

After all values have been entered, you can select either of these two options:

  1. Generate CSR

This method enables you to generate the Certificate Signing Request (CSR) file and submit it to your certificate authority (CA). Using this file, your CA will generate a custom certificate for your server.

  1. Click Download CSR or manually get it from the <Install_dir>\Certificates folder.
  2. Once you have received the certificate files from your CA, follow the steps listed under the Apply an existing SSL Certificate section to use the SSL certificate.

 

  1. Generate & Apply Self-Signed Certificate

This option enables you to create a self-signed certificate and apply it instantly to the product. However, self-signed SSL certificates come with a drawback. Anyone accessing the product secured with a self-signed SSL certificate will be shown a warning that says the website is not trusted, which may cause concern.

If you want to apply the self-signed certificate, follow the steps given below:

  1. Click Apply Self-Signed Certificate.
  2. Once you receive the message that SSL certificate has been successfully applied, restart the product for the changes to take effect.

 

Step 3: Apply an existing SSL certificate

If you already have a SSL certificate, select the Apply Certificate option and follow the steps listed below.

 

  1. Select Apply Certificate.
  2. Select your preference from Choose Upload Option based on the certificate file type.
  1. ZIP Upload
  1. If your CA has sent you a ZIP file, then select ZIP UploadBrowse and upload the ZIP file.
  2. If your CA has sent you individual certificate files, such as user, intermediary, and root certificates, you can put all these certificate files in a ZIP file and upload it.
  3. If your certificate's private key is password protected, enter its password in the Private Key Passphrase field.
  1. Individual Certificates
  1. If your CA has sent you just one certificate file (PFX or PEM format), then select Individual Certificates.
  2. Browse and upload the certificate in the Upload Certificate field.
  3. Browse and upload the additional certificate files provided by your CA in the Upload CA Bundle field.
  4. If the uploaded certificate is password protected, enter the password that must be provided to access it in the Certificate Password field.


  1. Certificate Content
  1. If your CA has sent the certificate content, then choose the Certificate Content option, and paste the certificate content in the Paste Certificate Content field.
  2. If your certificate's private key is password protected, enter its password in the Private Key Passphrase field.

Note: Only Triple DES encrypted private keys are currently supported.

  1. Click Apply.
  2. Restart the product for the changes to take effect.

 


                  New to ADManager Plus?

                    New to ADSelfService Plus?

                      • Related Articles

                      • Does RecoveryManager Plus support TLS v1.2 protocol?

                        Yes, RecoveryManager Plus supports TLS v1.2. The product can be configured to use only this protocol by following the steps mentioned below. Before you proceed, please enable SSL and apply an SSL certificate in RecoveryManager Plus as explained in ...
                      • Cleaning up transaction logs created when RecoveryManager Plus performs any backup and restoration operations

                        Problem Once you deploy on-premises Exchange, the available disk space will decrease due to the increase in logs generated by the mailboxes. This problem of large log sizes is predominant in Exchange versions 2013 and above. When you install ...
                      • How to remove admin’s access to SharePoint Online and OneDrive for Business sites?

                        Problem When you configure backups for SharePoint Online and OneDrive for Business sites using RecoveryManager Plus, the admin whose account is used to configure the product is provided access to all SharePoint Online and OneDrive for Business sites ...
                      • DNS node restoration

                        A DNS zone is comprised of several DNS nodes housing domain-related information. RecoveryManager Plus can back up all DNS nodes in a particular DNS zone and restore them to any previously backed-up state. This guide provides a step-by-step approach ...
                      • Restoring your default domain policy

                        Every setting you configure in the default domain policy applies to every user and computer account in the domain, unless these settings are overwritten by other domain GPOs having higher precedence or by GPOs linked to OUs. When unintended changes ...