Configuring Custom SSL Certificates in DDI Central Windows

By default, DDI Central ships with a bundled self-signed SSL certificate to enable secure HTTPS access to the application. However, organizations often prefer to deploy their own SSL certificates—whether a wildcard certificate covering multiple subdomains or a custom certificate issued by their enterprise Certificate Authority (CA)—to ensure compliance, branding, and trust alignment.

This guide walks you through the steps required to upload and configure your own SSL certificate in DDI Central running on Windows environments.

Prerequisites

  • A valid wildcard or custom SSL certificate issued by a trusted Certificate Authority (CA).
  • Certificate converted into .CRT (certificate file) and .KEY (private key file) formats.
  • Administrative access to the DDI Central installation directory.

Step-by-Step procedure

1. Stop the DDI Central service

Before making any changes, stop the DDI Central server to avoid conflicts.

  • Open the Services panel on your Windows desktop.
  • Search for and select the ManageEngine DDICentral service.
  • On the left side of the panel, click the Stop hyperlink to stop the selected service.

2. Navigate to the DDI Central installation directory

Open Command Prompt in Run as Administrator mode and navigate to the installation directory:

Windows: C:\Program Files\ManageEngine\ddi\httpd\conf

3. Prepare your SSL certificate

Convert your certificate into the following formats:

  • .crt (certificate file)
  • .key (private key file)

Example: mydomain_ssl.crt and mydomain_ssl.ke

Tip: Use OpenSSL or your certificate provider’s tools for conversion.

4. Replace default certificate files

  • Copy your .CRT and .KEY files into the conf directory.
  • Locate and overwrite the existing files under the path given below, or rename them to align with your naming convention.

SSLCertificateFile /usr/local/httpd/conf/ddi-selfsigned.crt

SSLCertificateKeyFile /usr/local/httpd/conf/ddi-selfsigned.key

5. Update the SSL configuration file

Open the SSL configuration file:

ddi-ssl-win.conf

Locate and update the following lines with your wildcard certificate file names:

SSLCertificateFile "C:/Program Files/ManageEngine/ddi/httpd/conf/your-wildcard-cert.crt"

SSLCertificateKeyFile "C:/Program Files/ManageEngine/ddi/httpd/conf/your-wildcard-cert.key"

6. Restart the DDI Central service

After completing the upgrade, return to the Services panel.

Select the ManageEngine DDICentral service and click Restart to restart the service.

7. Verification

  1. Open a browser and access your DDI Central console.
  2. Confirm the certificate is correctly applied by checking the HTTPS padlock details.
  3. Ensure the certificate shows your organization’s CA-issued wildcard or custom certificate.
  4. You have successfully configured a custom SSL certificate for DDI Central on Windows.