SSL configuration for AD360 and integrated components
AD360 supports SSL connection to ensure security of data transferred between the browser and the AD360 server.
You can apply SSL certificates for both AD360 and its integrated components centrally from AD360 itself. You don’t have to configure and apply the SSL certificates for individual components separately.
Currently, centralized SSL configuration is supported for ADManager Plus, ADSelfService Plus, Exchange Reporter Plus, and O365 Manager Plus components. Other components will be supported soon.
Steps to apply SSL certificate and enable HTTPS
Let’s see how to generate and apply a SSL certificate for AD360 and its integrated components.
- Navigate to Admin → General Settings → SSL Certification Tool.
- If you don’t have a SSL certificate, select the Generate Certificate option and follow the steps here.
- If you already have a SSL certificate, select the Apply Certificate option and follow the steps here.
If you already have a SSL certificate, follow the steps listed below to apply it.
- In the Apply Certificate to drop-down, select the component for which you want to apply the SSL certificate.
- Choose an Upload Option based on the certificate file type.
- If your CA has sent you a ZIP file, then select ZIP Upload, and upload the file.
- If your CA has sent you individual certificate files—user, intermediary, and root certificates, then you can put all these certificate files in a ZIP file and upload it.
- If your CA has sent you just one certificate file (PFX or PEM format), then select Individual Certificates, and upload the file.
- If your CA has sent the certificate content, then paste the content in a text editor and save it as a CER, CRT, or PEM format, and upload the file.
If the certificate file requires a password, then enter it in the Certificate Password field. Or, if the certificate contains a password-protected private key, enter the password in the Private Key Passphrase field.
- If your CA has sent just the certificate content, then choose Certificate Content option, and paste the entire content.
Note: Only Triple DES encrypted private keys are currently supported.
Finally, restart AD360 and its components.
- In the Common Name field, enter the name of the server.
Example: For the URL https://servername:9251, the common name is servername.
- In the Organizational Unit field, enter the department’s name which you want to be displayed in the certificate.
- In the Organization field, enter the legal name of your organization.
- In the City field, enter the name of the city as provided in your organization’s registered address.
- In the State/Province field, enter the name of the state or province as provided in your organization’s registered address.
- In the Country Code field, enter the two letter code of the country where your organization is located.
- In the Password field, enter a password that consists of at least 6 characters to secure the keystore.
- In the Validity (In Days) field, specify the number of days for which the SSL certificate will be considered valid.
Note: When no value is entered, the certificate will be considered to be valid for 90 days.
- In the Public Key Length (In Bits) field, specify the size of the public key.
Note: The default value is 2048 bits and its value can only be incremented in multiples of 64.
- After all values have been entered, you can select either of these two options:
- Generate CSR
This method allows you to generate the CSR file and submit it to your CA. Using this file, your CA will generate a custom certificate for your server.
Apply Self-signed Certificate
- Click Download CSR or manually get it by going to the <Install_dir>\Certificates folder.
- Once you have received the certificate files from your CA, follow the steps listed under Apply Certificate to apply the SSL certificate.
This option allows you to create a self-signed certificate and apply it instantly in the product. However, self-signed SSL certificates come with a drawback. Anyone accessing the product secured with a self-signed SSL certificate will be shown a warning telling them that the website is not trusted, which may cause concern.
If you want to go ahead and apply the self-signed certificate, follow the steps given below:
- Click Apply Self-Signed Certificate.
- You’ll be taken directly to step 3.
- Here, select the components in which you want to apply the self-signed certificate from Apply certificate to drop-down box.
- Once you get the message that SSL certificate has been successfully applied, restart the components for the changes to take effect.