Step-by-step: SSL Installation

Step-by-step: SSL Installation

In ServiceDesk Plus, we use a keystore file to store the private key and this keystore file will be used by the web server to secure the connections. Below are the steps that needs to be followed to generate a keystore file and install the certificate.

The procedure might be a bit different from what is mentioned in the actual Admin Guide of ServiceDesk Plus as these steps involve the use of a san switch where a DNS entry is used. This switch will be helpful when getting a certificate from your Internal CA as most of the modern browsers have stopped trusting Internal CA Certificates as Trusted Certificates and thus show a potential warning when accessing the website. So we make use of the san switch to add a dns entry bypassing this browser-end restriction.

The procedure can be followed irrespective of the certificate vendor i.e the same set of steps can be used for both Internal CA and External CA(GoDaddy/DigiCert/Comodo).

So at first we need to create a keystore file with SAN switch and then using this keystore we need to create a CSR file.


Please follow the below steps to generate the CSR file and install SSL Cert.

1. Open CMD with Admin Privileges and navigate to Drive:\ManageEngine\ServiceDesk\jre\bin

2. Now, invoke the below command.

      keytool -genkey -alias <URL> -keyalg RSA -ext san=dns:<URL>,dns:<servername> -keysize 2048 -keystore sdp.keystore

            Note: Replace the <URL> in the above command with the URL that you are using for ServiceDesk Plus. 

3. Upon execution, you will then be prompted to choose a password for your keystore. Please provide any desired password and make a note of it.

      Note: Please note that the password should not contain any of the following $,",\. Also, please have the keystore file saved somewhere safe as the same will be needed when importing the certificate.

4. Now, when it asks for first and last name, this is NOT your first and last name, but rather it is the URL for which you are trying to get the certificate (helpdesk.domain.com or e.t.c). Once this is put in, please hit enter and fill in the rest of the information.
     
      Note: If you are ordering a Wildcard Certificate this must begin with the * character i.e the First and Last name should be  provided as *.domain.com

5. After entering the required information, confirm that the information is correct by entering 'y' or 'yes' when prompted. At the end of executing the above command, you will be prompted to enter keystore password. Provide the password same as the one you provided in Step 3.

6. Now, your keystore file named sdp.keystore is now created under Drive:\ManageEngine\ServiceDesk\jre\bin.

7. Now, invoke the below command.

      keytool -certreq -alias <URL> -ext san=dns:<URL>,dns:<servername> -file key.csr -keystore sdp.keystore

            Note: Replace the <URL> in the above command with the URL that you are using for ServiceDesk Plus. 

8. After executing the above command, you will be prompted to enter keystore password. Provide the password same as the one you provided in Step 3. Once done, your CSR file named key.csr will be created under Drive:\ManageEngine\ServiceDesk\jre\bin.

9. Please send this key.csr file to your System Admin Team or the respective team and have them get a certificate with this CSR.

10. Once you have the certificate, you can proceed with importing the certificate from the UI.

11. Go to Admin>>General Settings>>Import SSL Certificate.

12. On the screen displayed, browse to the certificate file. Please note that the certificate has to be in .cer, .crt, .p7b, .pfx, .keystore, or .jks extension.

13. Depending on the Certificate Type, follow any of the below.
  1. If the certificate type is .pfx, .keystore, or.jks, then choose the certificate file, choose the keystore file that you had created in Step 6, provide the keystore password and click the Import button for the SSL certificate to be installed.
  2. If the certificate type is .p7b file, then choose the certificate file, choose the keystore file that you had created in Step 6, provide the keystore password and click the Import button for the SSL certificate to be installed.
  3. If the certificate type is .cer or .crt file, then choose the certificate file, choose the keystore file that you had created in Step 6, provide the keystore password and select the upload method for the intermediate/root certificate and then click the Import button for the SSL certificate to be installed.

Things to keep in mind

1. If the certificate type is .cer or .crt, then you can choose the upload method as 'Automatic' or 'Manual'. If you choose manual, then you will have to manually choose the root and intermediate certificate(s).
2. If you choose Automatic and if the certificate import fails during the 'Building certificate chain' process, then it is suggested to manually extract the root and intermediate certificate(s), then choose 'Manual' against the upload method, choose the respective certificates and then perform the import.
3. If there is no keystore but there is a private key file (with extension .key), then the same can be used instead of the keystore while importing the certificate from UI.

Note:  To know how to extract certificates (root and intermediate), please refer to the KB article available here.

      • Related Articles

      • How to install SSL certificate in AssetExplorer

        SSL Installation Do you have a Wildcard or a Multi-domain certificate already running in your other servers and want to reinstall in on AssetExplorer server ?, then click here to find how to export SSL certificate using MMC.  Do you already have a ...
      • SSL Installation

        Do you have a Wildcard or a Multi-domain certificate already running in your other servers and want to reinstall in on ServiceDesk Plus server ?, then click here to find how to export SSL certificate using MMC.  Do you already have a .PFX certificate ...
      • How to Export SSL certificate using MMC?

        When an SSL certificate is already installed on a Windows server, you may want to reinstall it on ServiceDesk Plus server. This may be required when you have a Wildcard or a Multi-domain certificate, and the subdomains or different domains are hosted ...
      • SSL Installation using .PFX (PKCS12 Type Certificates)

        Please follow the steps given below to use the .pfx file with ServiceDesk Plus to set up SSL. 1. Stop ManageEngine ServiceDesk Plus service. 2. Copy the .pfx file to the conf folder For environments running version 9.3 and below will find the conf ...
      • SSL server authentication and SSL Handshake

        The Standard SSL Handshake The following is a standard SSL handshake when RSA key exchange algorithm is used: 1.  Client Hello Information that the server needs to communicate with the client using SSL. This includes the SSL version number, cipher ...