SSL Domain Certificate Implementation

Import third party SSL Certificate in IT360

This procedure is common to all editions of IT360 - Professional Edition, Enterprise Edition, and MSP Edition.

In order to implement SSL, a web server must have an associated certificate for each external interface (IP address) that accepts secure connections.

Procedure for getting SSL Certificate for Tomcat webserver:

The following commands are to be executed from the command prompt in the directory <IT360_Home>\jre\bin:

1.  keytool -genkey -alias CentralSSL -keyalg RSA -keystore it360.keystore

Note:

   i. Depending on the requirement, the key size can also be specified as an argument. In that case, the syntax of the command is:

      keytool -genkey -alias CentralSSL -keyalg RSA -keysize 2048 -keystore it360.keystore

   ii. If the keysize argument is not specified, the default value taken will be 1024.

The command will prompt for a password. Enter a password, say 'it-360'. This will be the keystore password - <keystore password>.

IT360 file updates to be done if you use your own password instead of the default ['it-360']

If you use a password other than the default ('it-360' in this case), you need to update that password in the following files:

  • For Applications module [applicable to all editions of IT360; Professional Edition, Enterprise Edition-Central and Probes; MSP Edition-Central Server and Probes]:

server.xml, present under <IT360-Home>/applications/working/apache/tomcat/conf/backup
consolefilter.properties, present under <IT360-Home>/applications/working/conf

  • For IT360 console [applicable to all editions of IT360; Professional Edition, Enterprise Edition-Central and Probes; MSP Edition-Central Server and Probes]:

server.xml, present under <IT360-Home>/conf 
consolefilter.properties, present under <IT360-Home>/conf/Console

  • For Networks module [applicable to Professional Edition, Enterprise Edition-Probes, MSP Edition-Probes]:

ssl_server.xml, present under <IT360-Home>/networks/tomcat/conf/backup
consolefilter.properties, present under <IT360-Home>/networks/conf

  • For Traffic module [applicable to Professional Edition, Enterprise Edition-Probes, MSP Edition-Probes]:

server.xml, present under <IT360-Home>/traffic/server/default/deploy/jbossweb-tomcat50.sar
consolefilter.properties, present under <IT360-Home>/traffic/server/default/conf

  • For Servicedesk module [applicable to Professional Edition, Enterprise Edition-Central Server, MSP Edition-Central Server]:

server.xml, present under <IT360-Home>/servicedesk/server/default/deploy/jbossweb-tomcat50.sar
consolefilter.properties, present under <IT360-Home>/servicedesk/server/default/conf

Example:

CN = mydomain

Enter the exact host and domain name that you wish to secure. For example, if you wish to secure http://www.mydomain.com/, you will need to enter the exact host (www) and domain name (mydomain.com) in this field.

If you enter mydomain.com, the certificate issued to you will work error-free only on https://mydomain.com/

OU = MSP, O = My organization, L = Los Angeles, S = CA, C = US.

The command will ask for a password again. Give the same password you gave previously (<keystore password>).

2. keytool -certreq -keyalg RSA -alias CentralSSL -file certreq.csr -keystore it360.keystore

    (Preserve this it360.keystore in this directory itself. Don't delete this file, since it will be used for the imports in the subsequent steps.)

A "certreq.csr" file will be created in the <IT360-Home>\jre\bin directory.

3. Submit the certreq.csr file to the CA and get the certificate file from the Certificate Authority (CA) for the web server "tomcat".

4. keytool -import -alias root -keystore it360.keystore -trustcacerts -file <filename_of_the_chain_certificate>

    [Chain or root Certificate file, that would be given by CA].

5. keytool -import -alias intermediate -keystore it360.keystore -trustcacerts -file <filename_of_the_intermediate_certificate> 

    [Intermediate Certificate file (if any), that would be given by CA].

6. keytool -import -alias CentralSSL -keystore it360.keystore -trustcacerts -file <your_certificate_filename>

    [Certificate file sent by CA to you specifically for your domain]

7. Copy the it360.keystore file in the <IT360-Home>\jre\bin directory to the following directories:

a) IT360: <IT360-Home>\IT360\conf

b) Applications: <IT360-Home>\IT360\applications\conf

c) Networks: <IT360-Home>\IT360\networks\conf

Perform the below actions, while copying it360.keystore to the <IT360-Home>\IT360\networks\conf directory:
i)  Backup the files OpManager.truststore and it360.keystore available under IT360\networks\conf\ and delete them.
ii) Paste it360.keystore under IT360\networks\conf 2 times. Leave one copy as such and rename the other copy as OpManager.truststore.

d) Traffic: For IT360 builds below 10.0: <IT360-Home>\IT360\traffic\server\default\conf
               For IT360 build 10.0 and above: <IT360-Home>\IT360\traffic\conf

e) ServiceDesk: <IT360-Home>\IT360\servicedesk\server\default\conf

f) Opstor: <OpStor_Home>\conf (Note: This copy should happen only if you have enabled/purchased the Storage Module)

8. Restart the IT360 server.
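
Before the keystore is copied in step 7, the imports from steps 4 to 6 can be checked from the output of keytool -list -v -keystore it360.keystore: the CentralSSL alias should still hold the private key, carry a chain longer than the self-signed certificate from step 1, and name the exact host. The PowerShell function below is an added example, not part of the original procedure or the vendor's code; the function name, the constructed sample listing and the 2048-bit threshold are assumptions.

```powershell
# Added example (not vendor code): audit the text printed by
#   keytool -list -v -keystore it360.keystore
function Test-KeystoreListing {
    param([string]$Listing, [string]$ExpectedHost, [string]$Alias = 'CentralSSL')

    # One block per entry; every entry starts with an "Alias name:" line.
    $entry = $null
    foreach ($b in ($Listing -split '(?m)^(?=Alias name:)')) {
        # JKS lower-cases aliases; PowerShell's -eq ignores case for strings.
        if ($b -match '^Alias name:\s*(\S+)' -and $Matches[1] -eq $Alias) { $entry = $b; break }
    }
    if (-not $entry) { return "alias '$Alias' not found" }

    $problems = @()
    if ($entry -notmatch '(?m)^Entry type:\s*PrivateKeyEntry') {
        $problems += "'$Alias' holds no private key (certificate imported under the wrong alias?)"
    }
    if ($entry -match '(?m)^Certificate chain length:\s*(\d+)' -and [int]$Matches[1] -lt 2) {
        $problems += 'chain length 1: still the self-signed certificate from step 1'
    }
    # The first Owner line in the entry belongs to the server certificate.
    if ($entry -match '(?m)^Owner:\s*CN=([^,\r\n]+)' -and $Matches[1] -ne $ExpectedHost) {
        $problems += "CN '$($Matches[1])' does not match host '$ExpectedHost'"
    }
    # Printed only by newer keytool builds; the check is skipped when the line is absent.
    if ($entry -match '(?m)^Subject Public Key Algorithm:\s*(\d+)-bit' -and [int]$Matches[1] -lt 2048) {
        $problems += "RSA key is only $($Matches[1]) bits"
    }
    return $problems
}

# Constructed sample: key pair generated without -keysize, CA reply never imported.
$sample = @'
Keystore type: JKS

Alias name: centralssl
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=mydomain.com, OU=MSP, O=My organization, L=Los Angeles, ST=CA, C=US
Subject Public Key Algorithm: 1024-bit RSA key
'@

@(Test-KeystoreListing -Listing $sample -ExpectedHost 'www.mydomain.com') |
    ForEach-Object { "PROBLEM: $_" }
```

For the constructed sample this reports three problems (chain length, CN mismatch, key size); a keystore that completed steps 1 to 6 for the expected host with a 2048-bit key reports none.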

To use a wildcard SSL certificate that was generated using AutoCSR:

https://forums.manageengine.com/topic/using-existing-ssl-certificate-with-servicedesk


Praveen 246 - days ago 
Please modify the location of conf inside traffic module to copy it360.keystore file from <IT360-Home>\IT360\traffic\server\default\conf to <IT360-Home>\IT360\traffic\conf.
Prabha T 143 - days ago 
@praveen: The change is done.
Prabha T 142 - days ago 
The steps to be followed while copying "it360.keystore" to "<IT360-Home>\IT360\networks\conf" directory are added.



