The purpose of this article is to guide you through the process of installing an SSL certificate and enabling HTTPS in M365 Manager Plus. In doing so, you can ensure the connection between the web browser and M365 Manager Plus server is safe from security threats.
To install any SSL certificate, a keystore and a certificate signing request (CSR) are required. You can install certificates in the P7B format or convert existing certificate authority (CA) signed certificates to the P7B format.
The following steps will guide you through installing an SSL certificate and enabling HTTPS in M365 Manager Plus.
Create the keystore
A keystore is a password-protected file that contains the keys and certificates for the server to encrypt and decrypt data.
To create a certificate keystore file and generate encryption keys:
- Run Command Prompt as an administrator.
- Navigate to <install_directory>\jre\bin (By default, <install_directory> is: C:\Program Files\ManageEngine\M365 Manager Plus) and execute the following command:
keytool -genkey -alias <aliasname> -keyalg RSA -validity <validity> -keystore <keystoreName>.keystore -deststoretype pkcs12
- Replace <keystoreName> and <aliasname> with names of your choice, and <validity> with the number of days after which you want your certificate to expire.
- Type in a keystore password of your choice. This will be used later to add SSL certificates to the keystore.
- Provide information based on the following guidelines:
| Prompt | What to enter |
| --- | --- |
| What is your first and last name? | Provide the machine name or the fully-qualified domain name of the server hosting M365 Manager Plus. |
| What is the name of your organizational unit? | Enter the department name that you want to appear in the certificate. |
| What is the name of your organization? | Provide the legal name of your organization. |
| What is the name of your City or Locality? | Enter the city name as provided in your organization’s registered address. |
| What is the name of your State or Province? | Enter the state or province as provided in your organization’s registered address. |
| What is the two-letter country code for this unit? | Provide the two-letter code of the country in which your organization is located. |
Generate the certificate signing request (CSR)
In order for a CA to generate an SSL certificate for a company, it first collects information about that company and other identifiers such as the public key (digital signature), and then binds them all with its certificate. In doing so, it generates a unique identifier for the company.
Thus, every certificate issuance process begins with a certificate request from the company. CAs refer to this request as a certificate signing request (CSR). The CAs accept the company information and digital signatures in a special file format, namely the .csr format.
To create a CSR with a subject alternative name (SAN), execute the following command in Command Prompt as an administrator.
keytool -certreq -alias <aliasname> -keyalg RSA -ext SAN=dns:<domainName> -keystore <keystoreName>.keystore -file <certName>.csr
Replace <aliasname> with an alias of your choice, <domainName> with the name of your domain, <keystoreName> with the name you assigned to the keystore file, and <certName> with a name of your choice that you want to assign to the CSR file.
M365 Manager Plus supports using SSL certificates in P7B format. You can convert your existing CER, CRT, or PEM certificates to P7B format by following the steps mentioned below:
- Double click the domain certificate, which has your M365 Manager Plus host/alias name.
- In the Details tab, click Copy to File.
- In the Certificate Export Wizard window that appears, click Next.
- Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B), enable the Include all certificates in the certification path if possible checkbox, and click Next.
- Click Browse, navigate to <install_directory>\jre\bin, and click Finish.
Steps to add certificate authority signed certificates to the keystore
If you prefer to use your CA signed certificates, you can add them to the keystore before binding them to M365 Manager Plus by following the steps mentioned below:
- Back up the server.keystore, Server.p12, server.xml, and web.xml files located in the <install_directory>\conf folder. If server.keystore or server.p12 is not available, please ignore them and back up the other files.
- Download and unzip the certificate files you received from your CA to the <install_directory>\jre\bin folder.
- Open Command Prompt as an administrator and navigate to the <install_directory>\jre\bin folder.
- Execute the command given below.
keytool -import -alias <aliasname> -trustcacerts -file cert.<certname> -keystore cert.keystore
Note: <certname> should be replaced with the name of the P7B certificate file and <aliasname> with the alias of the keystore.
- When asked for a password, type it and press Enter on your keyboard.
Bind certificates to M365 Manager Plus
Follow the steps mentioned below to configure the M365 Manager Plus server to use the keystore with your SSL certificate.
Note: It is recommended to back up your conf folder in <install_directory> before configuring your Connection Settings in the product.
- Log in to M365 Manager Plus and navigate to the Settings tab > Admin tab > General Settings > Connection.
- Under Connection, select the M365 Manager Plus [https] option.
- Click Save and shut down M365 Manager Plus.
- Open the server.xml file present in <install_directory>\conf folder in a text editor of your choice.
- Go to the end of the XML file and search for the connector tag (which starts like <Connector SSLEnabled="true" ... .../>).
- Replace the following placeholders in the connector tag shown below:
- <keystoreName> with the name of your keystore
- <password> with the password to your keystore
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="<keystoreName>" keystorePass="<password>" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="9251" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
- Save the server.xml file and close it.
- Restart M365 Manager Plus again for the changes to take effect.
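The following Python check is an added example, not part of the original article or the product. It parses a server.xml and reports, for each SSL-enabled connector, deprecated entries in sslEnabledProtocols (TLS 1.0 and 1.1 were deprecated by RFC 8996), a missing keystore, a cleartext keystorePass, and XML that no longer parses after a manual edit. The sample XML, keystore path, password, and the <Server>/<Service> wrapper are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same connector attributes as the article, with made-up
# keystore path and password, wrapped in an assumed <Server>/<Service> skeleton.
SAMPLE_SERVER_XML = """<Server><Service>
  <Connector SSLEnabled="true" clientAuth="false"
             keystoreFile="./conf/example.keystore" keystorePass="example-password"
             name="SSL" port="9251" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
</Service></Server>"""

# SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated (TLS 1.0/1.1 by RFC 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_connectors(xml_text):
    """Return (port, finding) tuples for every SSL-enabled <Connector>."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. a missing space between two attributes after a manual edit
        return [("?", f"server.xml is not well-formed: {exc}")]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port", "?")
        enabled = [p.strip() for p in conn.get("sslEnabledProtocols", "").split(",")]
        enabled = [p for p in enabled if p]
        if not enabled:
            findings.append((port, "sslEnabledProtocols not set; connector defaults apply"))
        for proto in enabled:
            if proto in DEPRECATED:
                findings.append((port, f"deprecated protocol enabled: {proto}"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile missing"))
        if conn.get("keystorePass"):
            findings.append((port, "keystorePass stored in cleartext; "
                                   "restrict file permissions on server.xml"))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark the connector as HTTPS"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the contents of <install_directory>\conf\server.xml to audit_connectors() after the placeholders have been replaced with real values.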