Community and Support
            Knowledge Base Analytics Plus Installation SSL

            Applying an SSL Certificate (Wildcard)

            Please Note: These are general guidelines,  It is always advised to refer the instructions published by respective CAs to import SSL certificate into tomcat server. 

            Importing WildCard SSL certificate (PEM format)


            Step 1 Updating Keystore

                        Following commands are to be executed from the command prompt in the directory <ME_Analytics_Plus_Home>\jre\bin>

            Input Fully Qualified Domain Name details to ManageEngine AnalyticsPlus Keystore.

            keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore

            Enter the password as 'accounts' (do not change this)

            If you use your own password, you need to update it in the following files after the keyword keystorePass

            <ManageEngine AnalyticsPlus>/conf/server.xml (above version 3500)

            <ManageEngine AnalyticsPlus>/accounts/conf/server.xml

            <ManageEngine AnalyticsPlus>/reports/conf/server.xml 

            Fill in the details and Note : The first prompt asking for name denotes CN, so mention your domain name

            To delete an entry use

            keytool -delete -alias analytics -keystore server.keystore

            Step 2 Import CA into keystore

            keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>

            Place the .pem and .key file under this folder of OpenSSL (C:\Program Files (x86)\GnuWin32in)

            If OpenSSL is not installed, please install to proceed

            Using Command Prompt, go to OpenSSL installation folder location (Ex: C:Program Files (x86)GnuWin32\bin)

            Execute the below command ( --> is the actual domain url that is to be used)

            openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out  ./

            Copy the from the location C:\Program Files (x86)\GnuWin32\bin and place it under ManageEngine AnalyticsPlus\jre\bin

            Execute the command using the command prompt,

            keytool -importkeystore -srckeystore ./ -srcstoretype PKCS12 -destkeystore server.keystore

            Step 3 Updating the changes in all modules

            - Stop all ManageEngine AnalyticsPlus services.

            - Replacing the existing server.keystores'

                        For version 3500 and below, copy the server.keystore file in the <ManageEngine AnalyticsPlus>\jre\bin directory to the following locations

                        ManageEngine AnalyticsPlus\conf 

                        ManageEngine AnalyticsPlus\accounts\conf

                        ManageEngine AnalyticsPlus\reports\conf

                       For version 3500 and above, copy the server.keystore file in the <ManageEngine AnalyticsPlus>\jre\bin directory to the following location

                        ManageEngine AnalyticsPlus\conf 

            - Start all ManageEngine AnalyticsPlus services.

            Importing a PFX format


            Copy the pfx file (name.pfx) in the following locations and open the file 'server.xml' from the same following locations in a word pad.

            Note: Please take a copy of the server.xml as a backup before making changes

            For version 3500 and below, please copy the pfx file in the following locations


            For version 3600 and above, please copy the pfx file in the below location


            Locate the below entries in the server.xml file.

            keystorePass="accounts" keystoreFile="conf/server.keystore" 

            Please replace the file name server.keystore with the pfx file name (name.pfx) and enter the keystoreType="pkcs12" after the file name. Also replace the keystorePass value 'accounts' with the password for the .pfx file.

            The entries should look like this,

            keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"

            Restart AnalyticsPlus services

            Install a .P7b Certificate


            Some CA will provide the certificates with an extension .p7b. In such a case you can double click on this file to open a console which will list all the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files. 

            These certs can then be installed onto the keystore file using the instructions given in Step 3.

            To export the certificate,

            • Find domain.P7B.

            • Right click on the certificate and select All Tasks -> Export option.

            • The Certificate Export Wizard dialog pops up. Click Next button to proceed.

            • Select the export file format as Base-64 encoded X.509 (.cer). Click Next.

            • Specify the name of the file you want to export. Click Next.

            • The certificate export wizard is completed successfully. You can check for the settings you have specified. Click Finish.

            • A success message appears in a dialog box. Click OK.

            Commands to install certificates of some common vendors

            Please find below the commands you need to use to install certificates of some common vendors.

            NOTE: These instructions might change depending on the Certificates issued by the CA.


            If your CA is "GoDaddy", then the steps to follow will be:


            keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt

            keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt

            keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt

            keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt




            If your CA is "Verisign", then the steps to follow will be:

            keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer

            keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer

            keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer




            If your CA is "Comodo", then the steps to follow will be:


            keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore

            keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore

            keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore

            keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore

            keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore

            Updated: 12 Nov 2018 03:25 AM
            Help us to make this article better
            0 0