How to install P7B certificate in ADSelfService Plus?
This article will guide you through the process of applying a single-domain certificate (CER, CRT, P7B, etc.) in ADSelfService Plus.
Step 1: Enable HTTPS in ADSelfService Plus
Enable the HTTPS option under the Connection settings.
- Log in to ADSelfService Plus with admin credentials.
- Navigate to Admin → Product Settings → Connection.
- Check the Enable SSL Port [https] box
- Click Save.
Step 2: Generate CSR
Note: If you already have an SSL certificate, skip to Step 4.
- Click the SSL Certification Tool button.
- In the SSL Tool & Guide window, below the Certificate Signing Request (CSR) Generation section, fill in all the necessary fields. Refer to the table below:
||The name of the server in which ADSelfService Plus is running.
||The names of the additional hosts (sites, IP addresses, etc.) to be protected by the SSL certificate.
||The department name that you want to appear in the certificate.
||The legal name of your organization.
||The city name as provided in your organization’s registered address.
||The state/province as provided in your organization’s registered address.
||The two-letter code of the country in which your organization is located.
||A password must be at least six characters. The more complex the password, the better the security.
|Validity (In days)
||The number of days the certificate should be valid. If no value is provided, it will be set to 90 days.
|Public Key Length (In bits)
||The public key length. The larger the size, the stronger the key. The default size is 1024 bits and can be incremented only in multiples of 64.
- Once you’ve entered all the details, click the Generate CSR button.
Step 3: Submit the generated CSR file to your Certification Authority
- When you click the Generate CSR button, two files—SelfService.csr and SelfService.keystore—will be generated.
- You can locate the SelfService.csr file in <install_dir>\webapps\adssp\certificates folder and the SelfService.keystore file in <install_dir>\jre\bin folder.
- Submit the SelfService.csr file to your Certification Authority (CA).
Step 4: Add the CA-signed certificates to the keystore, and bind it with ADSelfService Plus
Prerequisite: If your certificate is in CER, CRT, PEM, or any other format, convert it to the P7B format. Refer to the Appendix for information on how to convert a certificate to the P7B format.
- Back up the server.keystore, SelfService.p12, server.xml, and web.xml files located at <Install_Directory>\conf folder (Default location: C:\ManageEngine\ADSelfService Plus\conf).
- Copy the certificate file, say cert.P7B, and paste it under the <Install Directory>\jre\bin folder (Default location: C:\ManageEngine\ ADSelfService Plus\jre\bin).
- Open an elevated Command Prompt and change the working directory to the <Install_Directory>\jre\bin folder.
- Now, execute the command given below:
keytool -import -alias tomcat -trustcacerts -file cert.p7b -keystore SelfService.keystore
Note: cert.p7b should be replaced with the name of the P7B certificate file.
- Copy the SelfService.keystore file and paste it in the <Install_Directory>\conf folder.
- Open the server.xml file, located in the <Install_Directory>\conf folder, in a text editor. Scroll down to the end of the file, where you’ll find a connector tag as shown below.
- Modify the following properties:
- Replace the value of keystoreFile with ./conf/SelfService.keystore.
- Replace the value of keystorePass with the password you used while generating the CSR for this certificate file.
- Delete the keystoreType=PKCS12 property.
Note: The keystoreType property will appear in the Connector tag only if the ADSelfService Plus build is 5701 or above. For lower builds, ignore Step c.
Example: <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/SelfService.keystore" keystorePass="********" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="9251" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
- Restart ADSelfService Plus, and check if the certificates are installed correctly.
- Steps to convert a certificate file in CER, CRT, or PEM format to P7B format:
- Double-click on the certificate file to open it in the Certificate window.
- Select Details and click Copy to File….
- Click Next in the Certificate Export Wizard that opens.
- Select the Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) option, and check the Include all certificates in the certification path if possible box.
- Click Browse to select a destination to store the file and enter the File name.
- Review the information, and click Finish.
- Preferred cipher for improved security in ADSelfService Plus
Need further assistance? Fill this form, and we'll contact you rightaway.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.