How to install an SSL certificate in RecoveryManager Plus
Follow these steps to apply an SSL certificate in RecoveryManager Plus
Step 1: Enable SSL in the RecoveryManager Plus client.
Step 2: Create a Certificate Signing Request (CSR).
Step 3: Issue the SSL certificate.
Step 4: Associate the certificate with RecoveryManager Plus.
Step 1: Enable SSL in the RecoveryManager Plus client.
- Log in to RecoveryManager Plus.
- Navigate to Admin tab → General Settings → Connection.
- Check the Enable SSL Port option. The port number 8558 is entered by default. You can change it to a value of your choice.
- Click Save Changes and restart the product for the changes to take effect.
Step 2: Create a Certificate Signing Request (CSR).
- Stop RecoveryManager Plus (Start → All Programs → RecoveryManager Plus → Stop RecoveryManager Plus)
- Open command prompt and navigate to <installation_directory>\ManageEngine\RecoveryManager Plus\jre\bin where <installation_directory> is where RecoveryManager Plus is installed.
- Execute the following command to create a Keystore.
keytool -genkey -alias tomcat -keypass < key password> -keyalg RSA -validity 1000 -keystore <domainName>.keystore
<key password> is a password of your choice and <domainName> is the name of your domain.
- Type in your Keystore password. To avoid any confusion, try giving the same password as your 'keypass'.
You will be prompted to answer the following questions:
S.No |
|
|
1 |
What is your first name and last name? |
Enter the NetBIOS or FQDN of the server in which RecoveryManager Plus is configured. |
2 |
What is the name of your Organizational Unit? |
Enter the name of the OU of your choice. |
3 |
What is the name of your organization? |
Provide the legal name of your organization. |
4 |
What is the name of your city or locality? |
Enter the city or locality name as provided in your organization's registered address. |
5 |
What is the name of your state or province? |
Enter the name of your state or province as provided in your organization's registered address. |
6 |
What is the two-letter country code for this unit? |
Provide the two-letter code of the country your organization is located in. |
- In the same path, execute the following command to create a CSR with Subject Alternative Name (SAN).
keytool -certreq -alias tomcat -keyalg RSA -ext
SAN=dns:server_name,dns:server_name.domain.com,dns:server_name.domain1.com
-keystore <domainName>.keystore -file <domainName>.csr
<domainName> is the name of your domain and provide the appropriate Subject Alternatives Names.
Step 3: Issue the SSL certificate.
Note: If you use an external CA which is not in the list mentioned above, please contact your CA for the required commands.
Step 4: Associate the certificate with RecoveryManager Plus.
- Copy the '.keystore' file from the <installation_directory>\ManageEngine\RecoveryManager Plus\jre\bin location and paste it at the <installation_directory>\ManageEngine\RecoveryManager Plus\conf location.
- At the <installation_directory>\ManageEngine\RecoveryManager Plus\conf location, locate the 'server.xml' file and take a backup of that file.
- Open the server.xml file using an editor and navigate to the last connector tag.
- Replace the value of the keystore file with the location of your keystore ('./conf/<keystore_name>.keystore).
- Replace the value of the 'keystorePass' with the password given during keystore creation.
- Save the server.xml file and start RecoveryManager Plus (Start → All Programs → RecoveryManager Plus → Start RecoveryManager Plus).
- Once the RecoveryManager Plus service has started, launch the RecoveryManager Plus client.
Click here to download a guide on how to install an SSL certificate in RecoveryManager Plus.