SSL certificate tool

    What is SSL?

    Secure Socket Layer (SSL) is a protocol that establishes an encrypted connection between a client and a server so that information can be transferred securely.

    To activate SSL on a web server, an SSL certificate is required.

    An SSL certificate is a digital certificate that describes the authenticity and the integrity of the domain and also the company to which the site belongs. Once the SSL certificate is configured on the server, SSL is automatically activated.

    The HTTPS in the URL of a site and the padlock symbol next to it, indicate that SSL is enabled. User(s) can also click on the padlock to view the certificate and the details of the certificate.

    Important SSL-related terms:

    Term Description
    Certificate Signing Request (CSR) To receive an SSL certificate, a Certificate Signing Request (CSR) needs to be created and submitted to a certificate Authority (CA).
    certificate Authority (CA) CA is an entity that verifies all the details mentioned in the CSR ( name of the organization & more), and then issues the certificate. There are two types of CAs- internal CA and external CA.  An internal CA is a member server or domain controller in a specific domain, that has been assigned the role of a CA. External CAs are third party applications, like Comodo, Verisign, and more, that issue an SSL certificate for your organization. 
    Keystore A keystore is a repository that contains the public and private keys required for encryption and decryption of data once a secure connection is established between the client and the server. 

    The usual process of obtaining and applying an SSL certificate:

    1. Create the CSR.
    2. Submit the CSR to your CA.
    3. The CA binds the CSR with digital signatures and returns the certificates.
    4. Apply the certificates to your domain.

    The SSL Certificate Tool of ADManager Plus allows you to:

    1. Generate a CSR
    2. Generate a self-signed SSL certificate
    3. Apply the SSL certificate

    Steps to generate an SSL certificate using ADManager Plus:

    1. Logon to ADManager Plus and navigate to the Admin tab. Expand the General Settings section in the left navigation pane and click on Connection.
    2. Click on SL Certificate Tool option. Select the Generate Certificate option.
    3. Under Common Name field, enter the NetBIOS or FQDN of the server on which ADManager Plus is configured.
      Example: For the URL https://servername:9251, the common name is servername.
    4. Under the SAN Names field, enter the desired Subjective Alternative Names.
    5. Under the Organizational Unit field, enter the name of the OU of your choice .
    6. Under the Organization field, specify the legal name of your organization .
    7. Enter the City, State or Province, and the two-letter code of the country, as specified in your organization's registered address.
    8. Enter a password of at least six characters to secure the keystore of the certificate.
    9. Specify the number of days for which the SSL certificate has to remain valid under the Validity (in days) field.
    10. Specify the size of the Public Key in bits. The Public Key size can only be specified in multiples of 64 and the default size is 2048 bits.
    11. Click on Generate CSR if you wish to generate CSR, submit it to your CA, get the valid SSL, and then apply it to ADManager Plus.
      For this:
      • Click Download CSR or manually get it by going to the <Install_dir>\Certificates folder.
      • Once you have received the certificate files from your CA, follow the steps listed under Steps to apply an SSL certificate to ADManager Plus.
    12. Click on Generate & Apply Self-Signed Certificate if you wish to automatically generate and apply a self-signed certificate to ADManager Plus. 

    Steps to apply an SSL certificate to ADManager Plus:

    1. Logon to ADManager Plus and navigate to the Admin tab. Expand the General Settings section in the left navigation pane and click on Connection.
    2. Click on SSL Certificate Tool option. Select the Apply Certificate option.
    3. Select any one of the following methods using which you wish to upload the SSL certificate:
      • ZIP Upload
        1. If your CA has given you a ZIP file, then select ZIP Upload, and upload the file.
        2. If your CA has sent you individual certificate files- user, intermediary, and root certificates, then combine all of them in a ZIP file and upload it.
          NOTE: After uploading the ZIP file, specify the passphrase of your Private Key.
      • Individual Certificate

        If your CA has given only one certificate in the PFX or PEM format, then select the individual certificates, and upload them. Enter the Certificate Password.

      • Certificate Content

        If your CA has sent the certificate content, then paste the content in a text editor, and save the file in a CER, CRT, or PEM format, and upload that file.
        NOTE: Enter the Private Key Passphrase after uploading the file. 

    4. Click Apply.