Generating and Merging Self-signed Certificates

    1. Generating Self-signed Certificate to Connect to Secured Servers  

    Whenever a product is running in secured (HTTPS/IMAPS/POPS/LDAPS) mode, it is required to generate a self-signed certificate, in order to connect ServiceDesk Plus with the respective secured server. 

    Steps Required:

    The following steps should be followed to establish connection between ServiceDesk Plus and the corresponding secured server.

    1. Download the .zip file from the links given below and extract it to "ManageEngine\ServiceDesk"

    For Linux:

    For Windows:  


    2. Connect to the command prompt. Go to "ManageEngine\ServiceDesk" and run the batch file with following format:

    For Linux:

    C:>ManageEngine\ServiceDesk>  servername:portnumber

    For Windows:

    C:>ManageEngine\ServiceDesk>gencert.bat  servername:portnumber


    3. On running the command, you will receive an exception PKIX and will ask you to enter a value. Provide value 1 that will generate a file named jssecacerts under "ManageEngine\ServiceDesk" .

    4. Copy the jssecacerts file under "ManageEngine\ServiceDesk\jre\lib" security folder.  


    Now, restart the ServiceDesk Plus application for the connection with the secured server to work.


    2. Merging Certificates When Multiple Products are Configured in Secured Mode

    It is possible to merge the certificates of two or more products running in secured mode. You can merge the certificates during the following situations:

    • When both incoming and outgoing mail servers are in secured mode.
    • When you try to connect two or more ME products running in secured mode.
    • When you try to connect secured ME products and secured mail server.

    Let us consider a Mail server running in secured mode. You have to generate certificate for the Mail server by using these steps, which provides you with a jssecacerts file. If you wish to connect another ManageEngine (ME) product, say Desktop Central (DC) running in HTTPs mode, then you need to create a certificate for that product too using the same steps, which provides you with another jssecacerts file. Now, there are 2 jssecacerts files, which can be merged.

    Important!: Always remember, whenever you merge the certificates, the "alias" has to be different. If the alias are same, overwriting occurs.
    For example, if Mail server and DC are running in the same machine, then when generating certificate using "gencert.bat", give Hostname as machine name for the former and FQDN as machine name for the latter.

    3. Example

    The following is an example for creating and merging certificates for Mail server and Desktop Central.

    Generating Certificates:

    Consider, the Mail server and the DC are installed in a win7-test machine. Now, create separate certificates for both by using the below commands:

    For Mailserver > gencert.bat win7-test:9443

    At the end of the certificate generation, a message is shown as "Added certificate to keystore 'jssecacerts' using alias 'win7-test-1'
    It automatically gets saved as "jssecacerts".


    For DC > gencert.bat localhost:8383

    At the end of the certificate generation, a message is shown as "Added certificate to keystore 'jssecacerts' using alias 'localhost-1'
    It automatically gets saved as "jssecacerts". Rename it to "jssecacerts-dc".


    Merging Certificates:

    Once the certificates are generated, copy thems under the \ServiceDesk\jre\lib\security folder. Execute the below command:
    >keytool -importkeystore -noprompt -srckeystore jssecacerts-dc -destkeystore jssecacerts

    Now, restart Servicedesk Plus for both the Mail server and DC connections to work.

    Copyright © 2017, ZOHO Corp. All Rights Reserved.