Step-by-step: SSL Installation
In ServiceDesk Plus, we use a keystore file to store the private key and this keystore file will be used by the web server to secure the connections. Below are the steps that needs to be followed to generate a keystore file and install the certificate.
The procedure might be a bit different from what is mentioned in the actual Admin Guide of ServiceDesk Plus as these steps involve the use of a san switch where a DNS entry is used. This switch will be helpful when getting a certificate from your Internal CA as most of the modern browsers have stopped trusting Internal CA Certificates as Trusted Certificates and thus show a potential warning when accessing the website. So we make use of the san switch to add a dns entry bypassing this browser-end restriction.
The procedure can be followed irrespective of the certificate vendor i.e the same set of steps can be used for both Internal CA and External CA(GoDaddy/DigiCert/Comodo).
Please follow the below steps to generate the CSR file and install SSL Cert.
1. Open CMD with Admin Privileges and navigate to Drive:\ManageEngine\ServiceDesk\jre\bin
2. Now, invoke the below command.
keytool -genkey -alias <URL> -keyalg RSA -ext san=dns:<URL>,dns:<servername> -keysize 2048 -keystore sdp.keystore
Note: Replace the <URL> in the above command with the URL that you are using for ServiceDesk Plus.
3.
Upon execution, you will then be prompted to choose a password for your
keystore. Please provide any desired password and make a note of it.
Note: Please note that the password should not contain any of the following $,",\. Also, please have the keystore file saved somewhere safe as the same will be needed when importing the certificate.
4.
Now, when it asks for first and last name, this is NOT your first and
last name, but rather it is the URL for which you are trying to get the
certificate (helpdesk.domain.com or e.t.c). Once this is put in, please hit enter and fill in the rest of the information.
Note: If
you are ordering a Wildcard Certificate this must begin with the *
character i.e the First and Last name should be provided as *.domain.com
5.
After entering the required information, confirm that the information
is correct by entering 'y' or 'yes' when prompted. At the end of
executing the above command, you will be prompted to enter keystore
password. Provide the password same as the one you provided in Step 3.
6. Now, your keystore file named sdp.keystore is now created under Drive:\ManageEngine\ServiceDesk\jre\bin.
7. Now, invoke the below command.
keytool -certreq -alias <URL> -ext san=dns:<URL>,dns:<servername> -file key.csr -keystore sdp.keystore
Note: Replace the <URL> in the above command with the URL that you are using for ServiceDesk Plus.
8. After executing the above command, you will be prompted to enter keystore password. Provide the password same as the one you provided in Step 3. Once done, your CSR file named key.csr will be created under Drive:\ManageEngine\ServiceDesk\jre\bin.
9. Please send this key.csr file to your System Admin Team or the respective team and have them get a certificate with this CSR.
10.
Once you have the certificate, you can proceed with importing the certificate from the UI.
12. On the screen displayed, browse to the certificate file. Please note that the certificate has to be in .cer, .crt, .p7b, .pfx, .keystore, or .jks extension.
13. Depending on the Certificate Type, follow any of the below.
11. Go to Admin>>General Settings>>Import SSL Certificate.
12. On the screen displayed, browse to the certificate file. Please note that the certificate has to be in .cer, .crt, .p7b, .pfx, .keystore, or .jks extension.
13. Depending on the Certificate Type, follow any of the below.
- If the certificate type is .pfx, .keystore, or.jks, then choose the certificate file, choose the keystore file that you had created in Step 6, provide the keystore password and click the Import button for the SSL certificate to be installed.
- If the certificate type is .p7b file, then
choose the certificate file, choose the keystore file that you had
created in Step 6, provide the keystore password and click the Import button for the SSL certificate to be installed.
- If the certificate type is .cer or .crt file, then
choose the certificate file, choose the keystore file that you had
created in Step 6, provide the keystore password and select the upload method for the intermediate/root certificate and then click the Import button for the SSL certificate to be installed.
Things to keep in mind
1. If the certificate type is .cer or .crt, then you can choose the upload method as 'Automatic' or 'Manual'. If you choose manual, then you will have to manually choose the root and intermediate certificate(s).
2. If you choose Automatic and if the certificate import fails during the 'Building certificate chain' process, then it is suggested to manually extract the root and intermediate certificate(s), then choose 'Manual' against the upload method, choose the respective certificates and then perform the import.
3. If there is no keystore but there is a private key file (with extension .key), then the same can be used instead of the keystore while importing the certificate from UI.
Note: To know how to extract certificates (root and intermediate), please refer to the KB article available here.
New to ADSelfService Plus?
Related Articles
Common SSL Issues
1. SSLException : PKIX Path Exception Trace : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification ...How to install SSL certificate in AssetExplorer
SSL Installation Do you have a Wildcard or a Multi-domain certificate already running in your other servers and want to reinstall in on AssetExplorer server ?, then click here to find how to export SSL certificate using MMC. Do you already have a ...SSL Installation
Do you have a Wildcard or a Multi-domain certificate already running in your other servers and want to reinstall in on ServiceDesk Plus server ?, then click here to find how to export SSL certificate using MMC. Do you already have a .PFX certificate ...How do I install SSL certificate for ServiceDeskPlus-MSP?
Introduction ServiceDesk Plus - MSP can run as a HTTPS service. But it requires a SSL (Secure Socket Layer) Certificate signed by a valid Certificate Authority (CA). By default, on a first-time start-up, it creates a self-signed certificate. This ...How to install .pfx certificate manually in ServiceDesk Plus MSP version 10.5 and above
The below steps are applicable for version 10.5 and above. For .pfx certificate installation in version 9427 and below, follow the steps here. NOTE: Please take a server snapshot before following the steps given below A PKCS12 (.pfx) certificate ...