SSL Certification Tool
To get SSL certified, follow the steps listed below:
- Navigate to Admin --> General Settings --> Product Settings and click SSL Certiciation Tool link.
- In the Common Name field, enter the name of the server.
Example: For the URL https://servername:9251, the common name is servername.
- In the Organizational Unit field, enter the department’s name which you want to be displayed in the certificate.
- In the Organization field, enter the legal name of your organization.
- In the City field, enter the name of the city as provided in your organization’s registered address.
- In the State/Province field, enter the name of the State/Province as provided in your organization’s registered address.
- In the Country Code field, enter the two letter code of the country where your organization is located.
- In the Password field, enter a password no shorter than 6 characters to secure the keystore.
- In the Validity (In Days) field, specify the number of days for which the SSL certificate will be considered valid.
Note: When no value is entered, the certificate will be considered to be valid for 90 days.
- In the Public Key Length (In Bits) field, specify the size of the public key.
Note: The default value is 2048 bits and its value can only be incremented in multiples of 64.
After all values have been entered, you can select either of these two options:
- Generate CSR
This method allows you to generate the CSR, submit it to your CA, and add the signed certificate to the keystore.
Signing the CSR with your CA allows you to host the product securely through the internet.
For more information on how to complete binding the certificate with the product, click here.
- Apply Self-signed Certificate
This option allows you to create a self-signed certificate and bind it instantly with the product but does not allow you to host the product securely on the internet.
Restart the product after you click Apply Selfsigned Certificate to complete binding the certificate to the product.
Steps to bind the certificate with the product after generating the CSR.
- After all values are entered, click Generate CSR.
- Submit the generated CSR to your CA as per the guidelines on their website. The generated CSR can be found at <installation directory>\Certificates\ssl.csr.
- Unzip the certificates returned by CA at: <installation directory>\jre\bin
- Open command prompt, navigate to <Install Dir>\jre\bin, and run the commands corresponding to your CA.
For "GoDaddy" certificates
keytool -import -alias root -keystore ssl.keystore -trustcacerts -file gd_bundle.crt
keytool -import -alias cross -keystore ssl.keystore -trustcacerts -file gd_cross.crt
keytool -import -alias intermed -keystore ssl.keystore -trustcacerts -file gd_intermed.crt
keytool -import -alias tomcat -keystore ssl.keystore -trustcacerts -file ssl.crt
For "Verisign" certificates
keytool -import -alias intermediateCA -keystore ssl.keystore -trustcacerts -file < your intermediate certificate > .cer
keytool -import -alias tomcat -keystore ssl.keystore -trustcacerts -file ssl.cer
For "Comodo" certificates
keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore ssl.keystore
keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore ssl.keystore
keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore ssl.keystore
keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore ssl.keystore
- Navigate to Admin --> General Settings --> Product Settings in the product and make sure "HTTPS" protocol is selected.
- Copy ssl.keystore from <InstallDir>\jre\bin to <InstallDir>\conf
- Edit "server.xml"at <InstallDir>\conf by replacing the value of:
- "keystoreFile" with "./conf/ssl.keystore"
- "keystorePass" with the password you entered into the CSR generator.
- Save server.xml
- Restart the product to complete binding the certificate to AD360.