How to migrate or reuse an SSL certificate in ADSelfService Plus

How to migrate or reuse an SSL certificate in ADSelfService Plus

Objective   

This article explains how to locate and migrate an existing SSL certificate from one ADSelfService Plus instance to another. This is useful when migrating your application to a new server, allowing you to reuse your current certificate, ensuring secure communication (HTTPS).

Prerequisites   

  • You must have administrative access to the ADSelfService Plus server's file system.
  • You must have administrative privileges in ADSelfService Plus.
  • The SSL certificate must be valid and not expired.

Steps to migrate an SSL certificate  

Step 1: Locate the certificate file 
  1. Once an SSL certificate is applied in ADSelfService Plus, it is stored in C:\Program Files\ManageEngine\ADSelfService Plus\conf\server.p12. The server.p12 file contains both the SSL certificate and the private key.
  2. Copy the file. The server.p12 file can then be imported into other web servers if required.
Step 2: Retrieve the keystore password
  1. In the same \conf folder, open the file server.xml with a text editor.
  2. Search for the attribute keystorePass. The value will be your password. Example: <... keystorePass="YourPassword123" ...>
NotesNote: The password will be in plain text unless the Encrypt Keystore Password option has been enabled under Admin > Product Settings > Connection. If it is encrypted, you will need the plaintext password you originally set. 
You now have the server.p12 file and its password, which are required for the new server.

Step 3: Importing the certificate into the new server
  1. Paste the server.p12 file that you backed up from the old server in step one in the new server.
  2. Follow the steps listed in this article to apply your PFX/PKCS12 certificate on the new ADSelfService Plus server.

Tips 

  • Certificate common name: An SSL certificate is issued for a specific domain name (e.g., ssp.yourcompany.com) or a wild card entry (e.g.,*.yourcompany.com). If you migrate the certificate to a new server that will be accessed using a different URL, users will see a security warning. The certificate will only work without errors if the new server uses the same access URL as the old one.
  • Renew expired certificates: If the SSL certificate is nearing expiration, renew it before migrating to avoid downtime.
  • Exporting for other web servers: The server.p12 file is compatible with other servers that accept PKCS12/PFX formats, such as IIS. You can rename the file to server.pfx and use the same keystore password to import it into other web servers if needed.

Related topics and articles        

How to reach support             

If the issue persists, contact our support team here


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products