Steps for enabling SSL

The following steps will guide you through enabling SSL in ADAudit Plus:

Step 1: Defining the SSL port

Log on to ADAudit Plus with an account that has administrative privileges.

Navigate to Admin > General Settings > Connection.

Enable SSL by checking the checkbox, then enter the port number [default: 8444] you plan to use for ADAudit Plus and save the changes.

Now stop ADAudit Plus by navigating through Start > All Programs > ADAudit Plus > Stop ADAudit Plus.

Step 2: Create the Keystore

The keystore is a password-protected file that contains all the keys that the server will use for SSL transactions.

  • To create the certificate keystore file, from <installation directory>\jre\bin, execute the following command in the command prompt:

    keytool -genkey -alias tomcat -keypass <your key password> -keyalg RSA -validity 1000
    -keystore <domainName>.keystore

Provide information based on the following guidelines:

  • What is the first and last name? The NetBIOS name or FQDN of the server on which ADAudit Plus is running. For example, if the DNS domain name is test.example.com, the NetBIOS domain name is test. An FQDN for a hypothetical mail server might be mymail.example.com: the hostname is mymail, and the host is located within the domain example.com.
  • What is the name of your Organizational Unit? The department name that you want to appear in the certificate.
  • What is the name of your organization? Provide the legal name of your organization.
  • What is the name of your city? Enter the city name as provided in your organization’s registered address.
  • What is the name of your state/province? Enter the State/Province as provided in your organization’s registered address.
  • What is your country code? Provide the 2-letter code of the country your organization is located in.
  • Password: Enter a password of at least 6 characters.

Step 3: Generate a Certificate Signing Request (CSR) and submit it to your Certifying Authority

1. Creating a Certificate Signing Request (CSR)
  • To create a CSR (Certificate Signing Request) file, from <installation directory>\jre\bin, execute the following command in the command prompt:

    keytool -certreq -alias tomcat -keyalg RSA -keystore <domainName>.keystore -file
    <domainName>.csr

    (or)

  • To create a Certificate Signing Request (CSR) with Subject Alternative Name (SAN), execute the following command in the command prompt:

     

    keytool -certreq -alias tomcat -keyalg RSA -ext
    SAN=dns:server_name,dns:server_name.domain.com,dns:server_name.domain1.com
    -keystore <domainName>.keystore -file <domainName>.csr

2. Submit the CSR file to your Certifying Authority (CA). You can locate the CSR file at <install_dir>\ADAudit Plus\jre\bin

Step 4: Add the CA signed certificates to the keystore

  • Unzip the certificates returned by your CA and put them in <install_dir>/jre/bin folder
  • Open the command prompt and navigate to <install_dir>/jre/bin folder
  • Now, run the respective commands from the below list as applicable to your CA:

For "GoDaddy" certificates

  • keytool -import -alias root -keystore <domainName>.keystore -trustcacerts -file
    gd_bundle.crt
  • keytool -import -alias cross -keystore <domainName>.keystore -trustcacerts -file
    gd_cross.crt
  • keytool -import -alias intermed -keystore <domainName>.keystore -trustcacerts
    -file gd_intermed.crt
  • keytool -import -alias tomcat -keystore <domainName>.keystore -trustcacerts -file
    <domainName>.crt

For "Verisign" certificates

  • keytool -import -alias intermediateCA -keystore <domainName>.keystore
    -trustcacerts -file <your intermediate certificate.cer>
  • keytool -import -alias tomcat -keystore <domainName>.keystore -trustcacerts -file <domainName>.cer

For "Comodo" certificates

  • keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore
    <domainName>.keystore
  • keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt
    -keystore <domainName>.keystore
  • keytool -import -trustcacerts -alias ComodoUTNServer -file
    ComodoUTNServerCA.crt -keystore <domainName>.keystore
  • keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore
    <domainName>.keystore

For "Entrust" certificates

  • keytool -import -alias Entrust_L1C -keystore <keystore-name.keystore> -trustcacerts
    -file entrust_root.cer
  • keytool -import -alias Entrust_2048_chain -keystore <keystore-name.keystore>
    -trustcacerts -file entrust_2048_ssl.cer
  • keytool -import -alias tomcat -keystore <keystore-name.keystore> -trustcacerts -file
    <domain-name.cer>

Purchased directly from Thawte

  • keytool -import -trustcacerts -alias tomcat -file <certificate-name.p7b> -keystore
    <keystore-name.keystore>

Purchased through the Thawte reseller channel:

  • keytool -import -trustcacerts -alias thawteca -file <SSL_PrimaryCA.cer> -keystore
    <keystore-name.keystore>
  • keytool -import -trustcacerts -alias thawtecasec -file <SSL_SecondaryCA.cer>
    -keystore <keystore-name.keystore>
  • keytool -import -trustcacerts -alias tomcat -file <certificate-name.cer> -keystore
    <keystore-name.keystore>

For self signed (Internal CA) certificates:

  • keytool -import -trustcacerts -alias tomcat -file certnew.p7b -keystore
    <keystore_name>.keystore

Note: If you are receiving the certificates from a CA who is not in the list provided above, then contact your CA to get the commands required to add their certificates to the keystore.
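
A check worth running after Step 4 and before Step 5, added here as an example and not part of the ADAudit Plus documentation: it reads the `keytool -list -v` output for the tomcat alias and flags the usual import mistakes (signed certificate stored under a different alias than the key pair, missing chain, certificate still self-signed). `Test-KeystoreEntry` and `example.keystore` are hypothetical names, and the parsing assumes keytool's English output.

```powershell
# Added example: confirm the CA reply landed on the key entry before Step 5.
# Run from <install_dir>\jre\bin. 'example.keystore' stands in for <domainName>.keystore.
param(
    [string]$Keystore = '.\example.keystore',
    [string]$Alias    = 'tomcat'
)

function Test-KeystoreEntry {
    # Takes the text printed by "keytool -list -v" (English locale) for one alias
    # and returns a list of problems; an empty list means the entry looks right.
    param([string[]]$KeytoolOutput)

    $text = $KeytoolOutput -join "`n"
    $findings = @()

    # The signed certificate has to be attached to the private key created in Step 2.
    # A trustedCertEntry here means it was imported under a different alias.
    if ($text -notmatch 'Entry type:\s*PrivateKeyEntry') {
        $findings += 'Alias is not a PrivateKeyEntry; the server certificate is not on the key pair.'
    }

    # Length 1 means the entry carries a single certificate with no issuer chain.
    if ($text -match 'Certificate chain length:\s*(\d+)') {
        if ([int]$Matches[1] -lt 2) {
            $findings += 'Certificate chain length is 1; root/intermediate certificates are missing.'
        }
    } else {
        $findings += 'No certificate chain reported for this alias.'
    }

    # The first Owner/Issuer pair belongs to the leaf; identical values mean self-signed.
    $owner  = [regex]::Match($text, '(?m)^Owner:\s*(.+)$').Groups[1].Value.Trim()
    $issuer = [regex]::Match($text, '(?m)^Issuer:\s*(.+)$').Groups[1].Value.Trim()
    if ($owner -and ($owner -eq $issuer)) {
        $findings += 'Leaf certificate is self-signed (Owner equals Issuer); the CA-signed one has not replaced it.'
    }

    return $findings
}

# keytool prompts for the keystore password, so it is not passed as an argument.
$output   = & .\keytool.exe -list -v -alias $Alias -keystore $Keystore
$problems = @(Test-KeystoreEntry -KeytoolOutput $output)

if ($problems.Count -eq 0) {
    Write-Host "OK: alias '$Alias' holds a private key with a CA-issued certificate chain."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```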

Step 5: Bind the certificates to ADAudit Plus

  • Copy the <domainName>.keystore file from <install_dir>\jre\bin folder and paste it in <install_dir>\conf folder
  • Open ‘server.xml’ file located at <install_dir>\conf folder
  • Replace the value of keystoreFile with ‘./conf/<domainName>.keystore’ and keystorePass with the password that you used in Step 1
  • Save ‘server.xml’ file and close it
  • Restart ADAudit Plus again for the changes to take effect.
