How to install existing PFX Certificate?

Description

This article will help you use your existing PFX certificate file while deploying SSL in ADSelfService Plus.

Resolution

Step 1: Enable SSL in ADSelfService Plus.

• Navigate to Admin --> Product Settings --> Connection
• Select Enable SSL Port [https] check-box and click Save

Step 2: Stop ADSelfService Plus.

• Start --> All Programs --> ADSelfService Plus --> Stop ADSelfService Plus
• If you have installed ADSelfService Plus as a service, then stop the service (Start --> Run --> type Services.msc --> Stop ManageEngine ADSelfService Plus)

Step 3: Export PFX/PKCS12 certificate file

• Export and save your PFX/PKCS12 file under <installation_dir>\conf (By default: C:\ManageEngine\ ADSelfService Plus\ conf) folder

Step 4: Edit Server.xml file to include the wildcard certificate

• Now open the server.xml file present in <installation_dir>\conf folder in a text editor of your choice
• Go to the end of the XML file and search for the connector tag (that starts like, <Connector SSLEnabled=”true” ……/>)
• Now, edit the following values inside that connector tag:
  • keysotreFile=”./conf/”
  • keystorePass=””
  • keystoreType=”PKCS12”

E.g.: <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/YOUR_CERT_FILE.pfx" keystorePass="PASSWORD" keystoreType="PKCS12" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="443" scheme="https" secure="true" sslProtocol="TLS"/>

Step 5: Start ADSelfService Plus.