SSL Configuration
Overview
Secure Sockets Layer (SSL) is a secure communication protocol that initiates encrypted connections between servers and clients. SSL certificates are used to authenticate and protect the data exchanged between clients and server machines, both internally and externally.
Steps for configuring SSL certificates
Navigate to the Account Setup page of your ME AppCreator account. Click SSL Configuration under General.
Generating CSR
- Enter the following details under the Generate CSR tab and click Generate.
  - Common Name - Enter the domain name to which the certificate should be assigned.
  - SAN - Enter the alternate names that enable a certificate to cover multiple domain names, subdomains, or different variations of a domain.
  - Organization Unit - Specify the divisions, teams, or units within the organization that are associated with the certificate.
  - Organization - Specify the legal/official name of the organization for which the SSL certificate is being requested.
  - City
  - State
  - Country
- Once the CSR has been generated, you can download the zip file and use it to get the SSL certificate by sending it to the CA.
- Apply to a CA using the CSR:
  - Choose a CA and send a request to it using its online portal. Follow the instructions provided to submit the CSR and any additional information required by the CA for validation.
  - The CA checks your signature using the public key in the submitted CSR and performs some level of verification of your identity.
  - After verification, the CA sends you a signed digital certificate, along with intermediate certificates if needed. The signed certificate contains your distinguished name, your public key, the CA's distinguished name, and the signature of the certificate authority.
- Store this signed certificate and follow the instructions below to import an SSL certificate.
Installing SSL Certificate
When uploading a certificate for the first time, after generating the CSR file, head over to the Import SSL Certificate tab. Click Add Certificate.
Attach the Server Certificate from the authorized CA that you want to import by clicking the Browse button.
- If the server certificate is in one of the formats ".pfx", ".keystore", ".p12", or ".jks":
  - Enter the Keystore password of the server certificate when prompted.
  - Click Fetch Details to fetch the details of the file. Choose the file which contains the certificate.
  - You can view the details of the SSL certificate by clicking the View button beside the files. Click Import once you review the details to import the certificate.
- If the server certificate is in one of the formats ".cer", ".crt", or ".der":
  - Enter the Server key (private key) of the server certificate when prompted.
  - Click View Details to view all the information regarding the certificate. Click Import once you review the details to import the certificate.
- Upload all the Intermediate/Root certificates, if necessary. To add multiple certificates, click the + icon. Click Import to import the SSL certificate. You can add up to a maximum of five certificates.
- You can view the imported SSL certificate details by clicking View Details. Click the edit icon beside Certificate Details to import a new certificate if needed.
- The certificate changes take effect once you restart the AppCreator server.
Note: If you have already configured SSL and are unable to see the details in the SSL tab, make sure that:
- You have configured only a single SSL certificate for both AppCreator and the customer portals, if any.
- The keystore file is named "server.keystore" (rename it to "server.keystore" if it is not) and is stored in your Product_Home/conf folder.
- Your Product_Home/conf folder contains only one "server.keystore" file and you're using that file for the SSL connection. There should not be any other file named "server.keystore" in the same directory.
- In the Product_Home/conf/server.xml file, you have searched for both the keystoreFile and keystorePass values and replaced them with keystoreFile="conf/server.keystore" keystorePass="${javax.net.ssl.keyStorePassword}".
- In the AppCreator/conf/system_properties.conf file, you have set the value of javax.net.ssl.keyStorePassword to the password of your keystore file.
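One way to run the checks in the note above before restarting the server, as an added example that is not ManageEngine's own code. It assumes system_properties.conf sits in the same conf folder and uses key=value lines, and it treats look-alike names such as server.keystore.bak as extra keystore files; the function name and messages are illustrative.

```python
import re
import sys
from pathlib import Path

# Values the note says server.xml must carry.
EXPECTED = {"keystoreFile": "conf/server.keystore",
            "keystorePass": "${javax.net.ssl.keyStorePassword}"}
PASS_KEY = "javax.net.ssl.keyStorePassword"


def check_ssl_conf(product_home, props_path=None):
    """Return a list of problems; an empty list means every check passed."""
    conf = Path(product_home) / "conf"
    # Assumption: system_properties.conf sits in the same conf folder.
    props = Path(props_path) if props_path else conf / "system_properties.conf"
    problems = []
    # Exactly one keystore: also flag look-alike names (assumed reading of the note).
    names = sorted(p.name for p in conf.iterdir()) if conf.is_dir() else []
    if "server.keystore" not in names:
        problems.append("conf/server.keystore is missing")
    for n in names:
        if n != "server.keystore" and n.lower().startswith("server.keystore"):
            problems.append("extra keystore-like file: " + n)

    xml_file = conf / "server.xml"
    xml = xml_file.read_text(encoding="utf-8") if xml_file.is_file() else ""
    xml = re.sub(r"<!--.*?-->", "", xml, flags=re.S)  # ignore commented-out config
    for name, want in EXPECTED.items():
        values = re.findall(r'\b%s\s*=\s*"([^"]*)"' % name, xml)
        if not values:
            problems.append(name + " not found in conf/server.xml")
        for value in values:
            if value != want:
                # Never echo a keystorePass value: it may be a real password.
                shown = "<redacted>" if name == "keystorePass" else value
                problems.append("%s is %r, expected %r" % (name, shown, want))
    # Assumption: key=value lines; the placeholder needs a non-empty value.
    text = props.read_text(encoding="utf-8") if props.is_file() else ""
    if not re.search(r"^[ \t]*%s[ \t]*=[ \t]*\S" % re.escape(PASS_KEY), text, re.M):
        problems.append(PASS_KEY + " is not set in " + props.name)
    return problems


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_ssl_conf.py PRODUCT_HOME [SYSTEM_PROPERTIES_CONF]")
    found = check_ssl_conf(*sys.argv[1:3])
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it with the Product_Home path as the first argument; it exits non-zero and lists each failed check, so it can gate a restart script.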
SSL when High Availability is Configured
If High Availability is configured for your server:
- Shut down the secondary server properly first, and only then shut down the primary server.
- Start the primary server first and confirm that it can be accessed properly. Then start the secondary server so that the SSL certificate is imported properly on the secondary server too.