
Install SSL Certificate

ADSelfService Plus runs as an HTTPS service. It requires a valid CA-signed SSL certificate with the principal name as the name of the host on which it runs. By default, on first-time startup, it creates a self-signed certificate. This self-signed certificate will not be trusted by the users' browsers. Thus, while connecting to ADSelfService Plus, you need to manually verify the certificate information and the hostname of the ADSelfService Plus server carefully, and force the browser to accept the certificate. To make the ADSelfService Plus server identify itself correctly to the web browser and the user:

You need to obtain a new signed certificate from a CA for the ADSelfService Plus host.

You can use keytool (bundled with Java) to create your certificates, get them signed by a CA and use them with ADSelfService Plus. Detailed instructions on using keytool are provided here.

Step 1: Startup Process
Step 2: Certificate Request Process
Step 3: Certificate Issuance Process
Step 4: Associating the Certificate with ADSelfService Plus

Step 1: Startup Process

These are the initial settings to be made in ADSelfService Plus before applying for an SSL certificate.

1. Start ADSelfService Plus. (Start --> All Programs --> ADSelfService Plus --> Start ADSelfService Plus).
2. Change the Port Settings from http to https. ('Admin' tab --> 'Connection' (left pane) --> Check 'Enable SSL Port [https]' --> Save).
3. Stop ADSelfService Plus. (Start --> All Programs --> ADSelfService Plus --> Stop ADSelfService Plus).

Step 2: Certificate Request Process

Before requesting a certificate from any certifying authority, one needs to create a Tomcat-specific ".keystore" file and ".csr" file, which will be referred to below as <domainName>.keystore and <domainName>.csr respectively. The <domainName>.keystore and <domainName>.csr will include information provided by the individual who creates the .keystore and .csr files.

To create the .keystore file, follow the steps below:

1. Open the Command Prompt.
2. From the location <installation directory>\jre\bin execute the command below.

    keytool -genkey -alias tomcat -keypass <your key password> -keyalg RSA -validity 1000 -keystore <domainName>.keystore

3. This will prompt you to enter a series of values that are part of the distinguished name (DN) of the server that will host ADSelfService Plus.

Note: At the end of executing the above command, you will be prompted to enter the keystore password. Try giving the same password as your key password.

To create the .csr (Certificate Signing Request) file, follow the steps below:

1. Open the Command Prompt.
2. From the location <installation directory>\jre\bin execute the command below.

    keytool -certreq -alias tomcat -keyalg RSA -keystore <domainName>.keystore -file <domainName>.csr

The .csr (Certificate Signing Request) file is temporary and will need to be submitted to a CA (Certifying Authority) to receive CA-Signed Certificate files.

Step 3: Certificate Issuance Process

The third step covers the Certificate Issuance Process, where the temporary files created are submitted to a certifying authority to receive a CA-Signed Certificate.

1. Some of the prominent CAs are Verisign (http://verisign.com), GoDaddy (http://www.godaddy.com/), Comodo (http://www.comodo.com). Check their documentation / website for details on submitting CSRs; this will involve a cost to be paid to the CA.
2. Submit the created temporary file <domainName>.csr to the Certificate Authority (CA), to receive the <domainName>.crt or <domainName>.cer file along with other certificate files in a zipped format.
3. This process usually takes a few days, and you will be returned your signed SSL certificate and the CA's root certificate as .cer files.

Once the CA-Signed Certificate is received from the Certifying Authority (CA):

1. Unzip and extract the certificate files into the <installation>\jre\bin folder.
2. Install the Root, Intermediate and Primary Certificate files in the same sequence as mentioned.

Note: Each time you install a certificate to your keystore you will be prompted for the keystore password, which you chose when generating your CSR.

The certificate files will vary, based on your choice of CA.

For instance, if your CA is "GoDaddy", then the steps to follow will be:

Execute the following commands from <installation directory>\jre\bin

    keytool -import -alias root -keystore <domainName>.keystore -trustcacerts -file gd_bundle.crt
    keytool -import -alias cross -keystore <domainName>.keystore -trustcacerts -file gd_cross_intermediate.crt
    keytool -import -alias intermed -keystore <domainName>.keystore -trustcacerts -file gd_intermediate.crt
    keytool -import -alias tomcat -keystore <domainName>.keystore -trustcacerts -file <domainName>.crt

For instance, if your CA is "Verisign", then the steps to follow will be:

Execute the following commands from <installation directory>\jre\bin

    keytool -import -alias intermediateCA -keystore <domainName>.keystore -trustcacerts -file <your_intermediate_certificate>.cer
    keytool -import -alias tomcat -keystore <domainName>.keystore -trustcacerts -file <domainName>.cer

For instance, if your CA is "Comodo", then the steps to follow will be:

Execute the following commands from <installation directory>\jre\bin

    keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore <domainName>.keystore
    keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore <domainName>.keystore
    keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore <domainName>.keystore
    keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore <domainName>.keystore
    keytool -import -trustcacerts -alias tomcat -file <domainName>.crt -keystore <domainName>.keystore

Copy the <domainName>.keystore and place it in the <installation directory>\conf folder.

Step 4: Associating the Certificate with ADSelfService Plus

This will configure the ADSelfService Plus server to use the keystore with your SSL certificate. To do so, follow the steps below.

1. Edit the server.xml in the <installation directory>\conf folder.
2. Replace the value of "keystoreFile" with "./conf/<domainName>.keystore" at the last Connector (end of the page).
3. Replace the password for "keystorePass" with "password as given for keystore".
4. Save the server.xml file and close it.
5. Start ADSelfService Plus and connect to it with a browser.

If you are able to view the ADSelfService Plus login console without any warning from the browser, you have successfully installed your SSL certificate in ADSelfService Plus!
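A check for the Step 4 edit, added here as an example (it is not ManageEngine's code): it parses server.xml and reviews the last Connector for the keystoreFile and keystorePass values described above. The sample XML, its port numbers and the host name selfservice.example.com are constructed, and the weak-password list is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/server.xml; ports and host name are made up.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" scheme="http" />
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="./conf/selfservice.example.com.keystore"
               keystorePass="changeit" />
  </Service>
</Server>"""

# Assumed deny-list: "changeit" is the well-known Tomcat/JDK default, and the
# last entry is the instruction text from Step 4 pasted in literally.
WEAK_PASSWORDS = {"", "changeit", "password", "password as given for keystore"}


def audit_last_connector(server_xml, domain_name):
    """Return findings for the last <Connector>, the one Step 4 edits."""
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    if not connectors:
        return ["no <Connector> element found"]
    last = connectors[-1]
    findings = []

    if last.get("scheme") != "https":
        findings.append("last Connector is not scheme=https")

    expected = "./conf/%s.keystore" % domain_name
    keystore = last.get("keystoreFile")
    if keystore is None:
        findings.append("keystoreFile is not set")
    elif keystore.replace("\\", "/") != expected:
        findings.append("keystoreFile is %r, expected %r" % (keystore, expected))

    password = last.get("keystorePass")
    if password is None:
        findings.append("keystorePass is not set")
    elif password.strip().lower() in WEAK_PASSWORDS:
        findings.append("keystorePass is a default or placeholder value")
    return findings


if __name__ == "__main__":
    for finding in audit_last_connector(SAMPLE_SERVER_XML, "selfservice.example.com"):
        print("FINDING:", finding)
```

Because Step 4 stores the keystore password in server.xml in clear text, keep that file and the conf folder readable only by the service account and administrators.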