Entrusting 'SSL Certification' with SSL Certification Tool:

 

Entrusting this 'SSL Certificate' upon an ADSelfService Plus ensures 'safe transfer of data' between this application & various others.

 

The SSL Tool brings about data security via 'encryption' process.

 

This page provides you with the 'Guidelines for Installing the SSL certificate' along with a 'CSR Generator form'.

 

Guidelines For Installing The SSL Certificate On The ADSelfService Plus Application:

 

Installing the 'SSL certificate onto the ADSelfService Plus' application is a 'three-step process':

  1. SSL Certficate Request

  2. Generating The Keystore File &

  3. Embedding the SSL Certificate With ADSelfService Plus

 

SSL Certificate Request:

 

Before requesting for a certificate from any certifying authority,one needs to create a tomcat specific '.csr file' & a '.keystore file'.These two files should be named as 'selfservice.csr' & 'selfservice.keystore' respectively.

 

 

Generating The 'csr' file:(with the help of the 'CSI GENERATOR' form)

 

Steps To Be Followed:

 

  1. In the 'Common Name' textbox,provide the 'domain name' for accessing the 'Server'(eg. www.example.com)

  2. Specify the 'Organizational Unit'(OU) in the respective textbox provided

  3. In the 'Organization' textbox,provide the 'Legal Name' of your organization.

  4. Specify the 'City'(in which your organization is located) in the textbox provided

  5. Mention the 'State/Province' (in which your organization is located) in the respective textbox provided

  6. Provide the 'Country Code'(of the country where your organization is located)

  7. In the 'Password' textbox,specify the 'Password'(minimum 6 characters in length) that you will be asked while installing the certificate

Optional Features:

  1. In the 'Validity' textbox, set the 'Validity Period' for the certificate(by default,it is 90 days)

  2. Public Key Length

  3. Click on the 'Generate CSR' button to generate the CSR file.

 

Generating The Keystore File (and associating it to the CA signed certificates):

  1. Unzip & extract all the certificates received from the CA to the <installation directory>\jre\bin

  2. To generate keystore and add signed certificates,follow the below mentioned instructions:

Directions to generate keystore for 'Go Daddy' certificates:

 

keytool -import -alias root keystore selfservice.keystore -trustcacerts -file gd_bundle.crt
keytool -import -alias cross -keystore selfservice.keystore -trustcacerts -file gd_cross.crt
keytool -import -alias intermed -keystore selfservice.keystore -trustcacerts -file gd_intermed.crt
keytool -import -alias tomcat -keystore selfservice.keystore -trustcacerts -file selfservice.crt

 

 

Directions to generate keystore for 'Verisign' certificates:

 

keytool -import -alias intermediateCA -keystore selfservice.keystore -trustcacerts -file < your intermediate certificate > .cer
keytool -import -alias tomcat -keystore selfservice.keystore -trustcacerts -file selfservice.cer

 

 

Directions to generate keystore for 'Comodo' certificates:

 

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore selfservice.keystore
keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore selfservice.keystore
keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore selfservice.keystore
keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore selfservice.keystore

 

 

Embedding The SSL Certificate into ADSelfService Plus:

 

  1. Ensure that Enable SSL Port is checked in the product.

  2. Login in to "ADSelfService Plus"

  3. Click on Admin -->>Product Settings -->>'Connection'

  4. Provide check against 'Enable SSL Port' option

  5. Click on Save (This will "Enable SSL Port")

  1.   Copy SelfService.keystore from <InstallDir>\jre\bin to <InstallDir>\conf

  1.   Edit "server.xml"(at <InstallDir>\conf) by replacing the value of:

  2.      "keystoreFile" with "./conf/SelfService.keystore"

  3.      "keystorePass" with whatever password you entered into the CSR generator. Save the server.xml

  1.   Restart ADSelfService Plus.

 

If the browser presents no warning,then you have installed the SSL certificate successfully.

 

 

  • You are provided with the option of 'editing' an 'already configured connection' by clicking on the 'Edit' icon.

  • Changes in the 'Port Number' will come into effect only at the 'Restart of the ADSelfService Plus application'

  • Incase you want to refer to the 'Server' with the 'Machine Name' instead of using the 'Port Address',then it can be done so by declaring the 'Port Number' as '80'.

 

 

 

Copyright © 2011, ZOHO Corp. All Rights Reserved.
ManageEngine