Community and Support
            Knowledge Base Analytics Plus Installation SSL

            Applying an SSL Certificate (Wildcard)

            Please Note: These are general guidelines,  It is always advised to refer the instructions published by respective CAs to import SSL certificate into tomcat server. 


            Importing WildCard SSL certificate (PEM format)

            -----------------------------------------------------------

            Step 1 Updating Keystore

                        Following commands are to be executed from the command prompt in the directory <ME_Analytics_Plus_Home>\jre\bin>

            Input Fully Qualified Domain Name details to ManageEngine AnalyticsPlus Keystore.

            keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore

            Enter the password as 'accounts' (do not change this)

            If you use your own password, you need to update it in the following files after the keyword keystorePass

            <ManageEngine AnalyticsPlus>/conf/server.xml (above version 3500)

            <ManageEngine AnalyticsPlus>/accounts/conf/server.xml

            <ManageEngine AnalyticsPlus>/reports/conf/server.xml 

            Fill in the details and Note : The first prompt asking for name denotes CN, so mention your domain name

            To delete an entry use

            keytool -delete -alias analytics -keystore server.keystore

            Step 2 Import CA into keystore

            keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>

            Place the .pem and .key file under this folder of OpenSSL (C:\Program Files (x86)\GnuWin32in)

            If OpenSSL is not installed, please install to proceed

            Using Command Prompt, go to OpenSSL installation folder location (Ex: C:Program Files (x86)GnuWin32\bin)

            Execute the below command (mydomain.com --> is the actual domain url that is to be used)

            openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out  ./mydomain.com.p12

            Copy the mydomain.com.p12 from the location C:\Program Files (x86)\GnuWin32\bin and place it under ManageEngine AnalyticsPlus\jre\bin

            Execute the command using the command prompt,

            keytool -importkeystore -srckeystore ./mydomain.com.p12 -srcstoretype PKCS12 -destkeystore server.keystore


            Step 3 Updating the changes in all modules

            - Stop all ManageEngine AnalyticsPlus services.


            - Replacing the existing server.keystores'


                        For version 3500 and below, copy the server.keystore file in the <ManageEngine AnalyticsPlus>\jre\bin directory to the following locations

                        ManageEngine AnalyticsPlus\conf 

                        ManageEngine AnalyticsPlus\accounts\conf

                        ManageEngine AnalyticsPlus\reports\conf


                       For version 3500 and above, copy the server.keystore file in the <ManageEngine AnalyticsPlus>\jre\bin directory to the following location


                        ManageEngine AnalyticsPlus\conf 


            - Start all ManageEngine AnalyticsPlus services.


            Importing a PFX format

            ----------------------------

            Copy the pfx file (name.pfx) in the following locations and open the file 'server.xml' from the same following locations in a word pad.

            Note: Please take a copy of the server.xml as a backup before making changes

            For version 3500 and below, please copy the pfx file in the following locations

            C:\ManageEngine\AnalyticsPlus\conf
            C:\ManageEngine\AnalyticsPlus\accounts\conf
            C:\ManageEngine\AnalyticsPlus\reports\conf


            For version 3600 and above, please copy the pfx file in the below location


            C:\ManageEngine\AnalyticsPlus\conf


            Locate the below entries in the server.xml file.

            keystorePass="accounts" keystoreFile="conf/server.keystore" 

            Please replace the file name server.keystore with the pfx file name (name.pfx) and enter the keystoreType="pkcs12" after the file name. Also replace the keystorePass value 'accounts' with the password for the .pfx file.

            The entries should look like this,

            keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"

            Restart AnalyticsPlus services


            Install a .P7b Certificate

            -----------------------------

            Some CA will provide the certificates with an extension .p7b. In such a case you can double click on this file to open a console which will list all the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files. 

            These certs can then be installed onto the keystore file using the instructions given in Step 3.

            To export the certificate,

            • Find domain.P7B.


            • Right click on the certificate and select All Tasks -> Export option.


            • The Certificate Export Wizard dialog pops up. Click Next button to proceed.


            • Select the export file format as Base-64 encoded X.509 (.cer). Click Next.


            • Specify the name of the file you want to export. Click Next.


            • The certificate export wizard is completed successfully. You can check for the settings you have specified. Click Finish.


            • A success message appears in a dialog box. Click OK.


            Commands to install certificates of some common vendors

            Please find below the commands you need to use to install certificates of some common vendors.

            NOTE: These instructions might change depending on the Certificates issued by the CA.

            GoDaddy

            If your CA is "GoDaddy", then the steps to follow will be:

             

            keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt

            keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt

            keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt

            keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt

             

             

            Verisign

            If your CA is "Verisign", then the steps to follow will be:

            keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer

            keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer

            keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer

             

             

            Comodo

            If your CA is "Comodo", then the steps to follow will be:

             

            keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore

            keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore

            keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore

            keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore

            keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore



            Updated: 12 Nov 2018 03:25 AM
            Helpful?  
            Help us to make this article better
            0 0