Pricing  Get Quote
 
 

How to install P7B certificate in ADSelfService Plus?

Summary

This article will guide you through the process of applying a single-domain certificate (CER, CRT, P7B, etc.) in ADSelfService Plus.

Configuration steps

Step 1: Enable HTTPS in ADSelfService Plus

enable-https-in-adselfservice-plus

Enable the HTTPS option under the Connection settings.

  1. Log in to ADSelfService Plus with admin credentials.
  2. Navigate to Admin → Product Settings → Connection.
  3. Check the Enable SSL Port [https] box
  4. Click Save.

Step 2: Generate CSR

Note: If you already have an SSL certificate, skip to Step 4.
  1. Click the Apply SSL Certificate button.

    ssl-connection-settings

  2. Click Generate Certificate and fill in all the necessary fields. Refer to the table below:
    Common Name The name of the server in which ADSelfService Plus is running.
    SAN Name The names of the additional hosts (sites, IP addresses, etc.) to be protected by the SSL certificate.
    Organizational Unit The department name that you want to appear in the certificate.
    Organization The legal name of your organization.
    City The city name as provided in your organization’s registered address.
    State/Province The state/province as provided in your organization’s registered address.
    Country Code The two-letter code of the country in which your organization is located.
    Password A password must be at least six characters. The more complex the password, the better the security.
    Validity (In days) The number of days the certificate should be valid. If no value is provided, it will be set to 90 days.
    Public Key Length (In bits) The public key length. The larger the size, the stronger the key. The default size is 1024 bits and can be incremented only in multiples of 64.

    csr-generation

  3. Once you’ve entered all the details, you can either click the Generate CSR button or, if you wish to generate a self-signed certificate, click the Generate & Apply Self-signed Certificate button.

Step 3: Submit the generated CSR file to your Certification Authority

  1. When you click the Generate CSR button, SelfService.csr will be generated.
  2. The generated CSR file is stored at <InstallDir>\webapps\adssp\Certificates
  3. Submit the SelfService.csr file to your Certification Authority (CA).

Step 4: Bind the CA-signed certificate with ADSelfService Plus

  1. Select the Apply Certificate option.
  2. Click Browse to upload the certificate.
  3. In the Certificate Password field, enter the password of the uploaded certificate.
  4. Click Apply.

Using the admin portal

Note: The Endpoint MFA feature will be accessible after installing the SSL certificates only if the Protocol option has been set to HTTPS under Configure Access URL (Admin > Customize > Product Settings > Connection > Connection Settings > Configure Access URL).

Appendix

  1. Steps to convert a certificate file in CER, CRT, or PEM format to P7B format:
    • Double-click on the certificate file to open it in the Certificate window.
    • Select Details and click Copy to File….

      certificate-details

    • Click Next in the Certificate Export Wizard that opens.
    • Select the Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) option, and check the Include all certificates in the certification path if possible box.

      p7b-certificate-conversion-wizard

    • Click Browse to select a destination to store the file and enter the File name.
    • Review the information, and click Finish.
  2. Preferred cipher for improved security in ADSelfService Plus

    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_ CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

 

Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management