SSL-Installing Certificates Manually (not through UI) in 10500 and above

SSL-Installing Certificates Manually (not through UI) in 10500 and above

Please refer the below mentioned, only if you have issue installing the certs through application UI. Once you are ready with the Keystore and CSR (Certificate Signing Request) file, follow the below mentioned:

Download the certificate files received from the CA via e-mail to the directory where your keystore (sdp.keystore) was saved during the CSR creation process. The certificates must be installed to this exact keystore. If you try to install it to a different keystore it will not work.

The certificates you had downloaded must be installed to your keystore in the correct order for your certificate to be trusted. If the certificates are not installed in the correct order, then the certificate will not authenticate properly. To find the correct order, double click on the domain certificate and then go to ‘Certification Path’.


These certificates are usually in the format .cer or .crt. If your certificate is with the extension .p7b please follow the instructions given in Installing a .P7b Certificate to export the certs to a .cer or .crt format.

Looking at the above certification path we can infer that we need to import two other certificates before the domain certificate. First is the Root, next the Intermediate and finally the Domain Certificate. Some CAs may also use another certificate called Cross Intermediate. These certificates can be downloaded from the vendor’s website.

Installing the Root Certificate file

Each time you install a certificate to your keystore you will be prompted for the keystore password, which you chose while generating your CSR. Type the following command to install the Root certificate file:

keytool -import -trustcacerts -alias root -file <File_Name>.crt -keystore sdp.keystore

NOTE: Choose ‘Yes’ if you get prompted with a message that says "Certificate already exists in system-wide CA keystore under alias <Alias Name> Do you still want to add it to your own keystore? [no]:"

You will get a confirmation stating that the "Certificate was added to keystore".


Install the Intermediate Certificates and Cross Intermediate Certificates (if any).

Follow the instructions provided by the CA.

keytool -import -trustcacerts –alias intermediate -file <File_Name>.crt -keystore sdp.keystore

keytool -import -trustcacerts –alias cross -file <File_Name>.crt -keystore sdp.keystore

You will get a confirmation stating that the "Certificate was added to keystore".


Install the Primary or the Domain Certificate file

Type the following command to install the Primary certificate file:

keytool -import -trustcacerts -alias <your_alias_name or [Domain Name]> -file your_domain_name.crt -keystore sdp.keystore

Please note that <your_alias_name or [Domain Name]> should be replaced with the alias name provided when creating the keystore (as discussed in Step 1). This time you will get a different confirmation stating that the "Certificate reply was installed in keystore”.


If you want to trust the certificate, then choose y or yes. Your Certificates are now installed to your keystore file (sdp.keystore).

Now follow the below mentioned:
1. Copy the sdp.keystore file from <ServiceDeskMSP_Home>\jre\bin to <ServiceDeskMSP_Home>\conf

2. From the command prompt, execute changeWebServerPort.bat script to change the connection mode to HTTPS. 
Cmd>[ServiceDesk Plus MSP Home]\bin> changeWebServerPort.bat <WEBSERVER_PORT> https 

3. Being in the command prompt, execute encrypt.bat -a aes256 -v "your password" script to get the password as highlighted below:


4. Finally, update the name of the keystore and the above highlighted password in the file server.xml present under <ServiceDesk_Home>\conf

5. Restart the service ManageEngine ServiceDesk Plus MSP for the changes to take effect.

          • Related Articles

          • How do I install SSL certificate for ServiceDeskPlus-MSP?

            Introduction ServiceDesk Plus - MSP can run as a HTTPS service. But it requires a SSL (Secure Socket Layer) Certificate signed by a valid Certificate Authority (CA). By default, on a first-time start-up, it creates a self-signed certificate. This ...
          • How to install SSL certificate of .PFX format for 9.4 builds

            Installing .PFX Certificate   .PFX is an extension for security certificate. It defines a file format that stores private keys (generated by your server at the time the CSR was generated) and public key certificate (your SSL Certificate provided by ...
          • How to install .pfx certificate manually in ServiceDesk Plus MSP version 10.5 and above

            The below steps are applicable for version 10.5 and above. For .pfx certificate installation in version 9427 and below, follow the steps here.  A PKCS12 (.pfx) certificate stores the RSA keys and the SSL certificate in a single encrypted file. Follow ...
          • Subject Alternative Name missing Error under Browser (SAN Missing)

            Error : Solution: Please find below the commands that can be used to create the keystore and corresponding CSR request with SAN included: Keystore creation:  keytool -genkey -alias <your_alias_name> or [Domain Name] -keyalg RSA -keysize 2048 -sigalg ...
          • Self service Portal page crashes in UI

            In some case accessing Self service portal page crashes with the below error in UI, This issue occurs in all technician logins as well. In such scenario look for the error traces in the logs, Servlet.service() for servlet action threw ...