Manage Certificates

1. To import / manage certificates, go to Settings → Tools → Manage Certificates.
2. Once you enter, details of the "Certificate currently being used by Applications Manager" will be displayed under SSL configuration tab.
   
   
3. If you want to import a new SSL certificate, login as Super Administrator and click "Import new SSL certificate" button. You will be prompted to choose whether you want to Generate CSR or Import certificate.
   • In case you choose Generate CSR, the following details need to be entered.

     Name	Description
     Common name	Enter the fully qualified domain name that clients/browsers will use to reach your server.
     SAN	Subject Alternative Name: If you are requesting a Multi-Domain (SAN) Certificate, enter any SANs that you want to include with comma(,) as delimiter.
     Organization Unit	The unit or division of the company / organization managing the certificate.
     Organization	The exact legal name of your organization. If you do not have a legal registered organization name, you can enter your own full name here.
     City	Enter your city name.
     State	Enter your state name.
     Country	Enter your country name.
     KeyPair size	Choose your KeyPair size. (2048 or 4096)

     
     

   • After entering the details, click Generate to generate the certificate. If you want to reset the details you've entered, click Reset. On clicking the Generate button your CSR and private key files will be downloaded as a ZIP. Extract the file and use the "AppManager.csr" file to get a signed certificate from a CA of your choice.

   • If you already have a valid certificate and key files (or) a keystore or a PFX file with the certificate, choose Import certificate and click Choose File.
     • Select the appropriate certificate and the key file.
     • Verify the details and choose Import.
     •  If the certificate cannot be validated with trusted sources, you will be asked to provide the intermediate certificates and root certificate files. On successful import, you will be prompted to restart Applications Manager.
     Note:

     • Length of certificate file names to be uploaded should not exceed more than 255 characters.
     • Certificate files to be uploaded should contain only the following list of supported characters in the file names: Alphanumeric, hyphen(-), underscore(_), whitespace( )
     • If the SSL certificate is expiring, then you can import new certificate to replace the existing one.

     

   • If you are using a Keystore or a PFX file, you will be prompted to input the password for opening the file.
     • On clicking Fetch, you will be provided with a list of Key-entries present in the keystore. Choose a specific alias which is to be used to enable SSL in Applications Manager.
     • You will be shown a preview of the certificate information, verify and click on Import for using the certificate.
     • Finally you will be prompted to restart Applications Manager for the changes to take effect.
4. If you want to import Trust Certificates, click on the "Trust Certificates" tab. Here you have 3 options to import certificates into trusted sources.
   
   
   • Fetch certificate from a URL reachable from Applications Manager server: If you choose URL and provide the url of the service you want to trust, you will be prompted to verify and import the fetched certificate. Choose the SSL version from the drop-down menu. By default, it is set as auto. Click Import and it will be added to the trusted sources.
   • Directly upload certificates from a Keystore/Truststore: If you choose this option, then you will have to browse and select the appropriate keystore/truststore/pfx file. Input the password and click Fetch. You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.
   • Directly upload certificates as files: Choose the necessary file. On clicking Import, it will be added to Applications Manager's trust store.
5. Click List certificates tab to view the Keystore Password and List of certificates.