Applying an SSL Certificate(WildCard)

Applying an SSL Certificate(WildCard)

Please Note: These are general guidelines,  It is always advised to refer the instructions published by respective CAs to import SSL certificate into tomcat server.

Importing WildCard SSL certificate (PEM format)

-----------------------------------------------------------

Step 1 : Updating Keystore

            Following commands are to be executed from the command prompt in the directory Zoho\Analytics\jre\bin>

Input Fully Qualified Domain Name details to Zoho Analytics Onpremise Keystore.

    keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore

Enter the password as 'accounts' (do not change this)

If you use your own password, you need to update it in the following files after the keyword keystorePass

<Zoho Analytics Onpremise>/conf/server.xml (above version 3500)

<Zoho Analytics Onpremise>/accounts/conf/server.xml

<Zoho Analytics Onpremise>/reports/conf/server.xml

Fill in the details and Note : The first prompt asking for name denotes CN, so mention your domain name

To delete an entry use

keytool -delete -alias analytics -keystore server.keystore

Step 2:  Import CA into keystore

keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>

Place the .pem and .key file under this folder of OpenSSL (C:\Program Files (x86)\GnuWin32in)

If OpenSSL is not installed, please install to proceed

Using Command Prompt, go to OpenSSL installation folder location (Ex: C:Program Files (x86)GnuWin32\bin)

Execute the below command (mydomain.com --> is the actual domain url that is to be used)

openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out  ./mydomain.com.p12

Copy the mydomain.com.p12 from the location C:\Program Files (x86)\GnuWin32\bin and place it under Zoho Analytics Onpremise\jre\bin

Execute the command using the command prompt,

keytool -importkeystore -srckeystore ./mydomain.com.p12 -srcstoretype PKCS12 -destkeystore server.keystore


Step 3:  Updating the changes in all modules

- Stop all Zoho Analytics Onpremise services.


- Replacing the existing server.keystores'


            For version 3500 and below, copy the server.keystore file in the <Zoho Analytics Onpremise>\jre\bin directory to the following locations

            Zoho Analytics Onpremise\conf

            Zoho Analytics Onpremise\accounts\conf

            Zoho Analytics Onpremise\reports\conf


           For version 3500 and above, copy the server.keystore file in the <Zoho Analytics Onpremise>\jre\bin directory to the following location


            Zoho Analytics Onpremise\conf


- Start all Zoho Analytics Onpremise services.

Importing a PFX format

----------------------------

Copy the pfx file (name.pfx) in the following locations and open the file 'server.xml' from the same following locations in a word pad.

Note: Please take a copy of the server.xml as a backup before making changes

For version 3500 and below, please copy the pfx file in the following locations

    C:\Zoho\Analytics\conf
    C:\Zoho\Analytics\accounts\conf
    C:\Zoho\Analytics\reports\conf


For version 3600 and above, please copy the pfx file in the below location


C:\Zoho\Analytics\conf


Locate the below entries in the server.xml file.

    keystorePass="accounts" keystoreFile="conf/server.keystore"

Please replace the file name server.keystore with the pfx file name (name.pfx) and enter the keystoreType="pkcs12" after the file name. Also replace the keystorePass value 'accounts' with the password for the .pfx file.

The entries should look like this,

    keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"

Restart Analytics services

Install a .P7b Certificate

-----------------------------

Some CA will provide the certificates with an extension .p7b. In such a case you can double click on this file to open a console which will list all the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files.

These certs can then be installed onto the keystore file using the instructions given in Step 3.

To export the certificate,

    Find domain.P7B.


    Right click on the certificate and select All Tasks -> Export option.


    The Certificate Export Wizard dialog pops up. Click Next button to proceed.


    Select the export file format as Base-64 encoded X.509 (.cer). Click Next.


    Specify the name of the file you want to export. Click Next.


    The certificate export wizard is completed successfully. You can check for the settings you have specified. Click Finish.


    A success message appears in a dialog box. Click OK.


Commands to install certificates of some common vendors

Please find below the commands you need to use to install certificates of some common vendors.

NOTE: These instructions might change depending on the Certificates issued by the CA.

GoDaddy

If your CA is "GoDaddy", then the steps to follow will be:

 

    keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt

    keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt

    keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt

    keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt

 

 

Verisign

If your CA is "Verisign", then the steps to follow will be:

    keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer

    keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer

    keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer

 

 

Comodo

If your CA is "Comodo", then the steps to follow will be:

 

    keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore

    keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore

    keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore

    keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore

    keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore

    • Related Articles

    • Creating New SSL Certificate

      Import third party SSL Certificate in Zoho Analytics On Premise This procedure is common to both editions of Zoho Analytics On Premise - Professional Edition and Personal Edition. In order to implement SSL, a web server must have an associated ...

    • Can I enable SSL for my Zoho website?

      Yes, you can enable SSL for your site. There are two options to do this:. Get a free SSL certificate from Let's Encrypt. Upload a SSL certificate that you already own.   To access your SSL settings: Click Settings at the top of your builder. ...

    • Can I enable SSL for my Zoho website?

      Yes, you can enable SSL for your site.   Click Manage, then Settings. Select SSL Hosting from the menu on the left. Click Install Your Own SSL if you already have an SSL certificate. Click Get SSL Certificate If you are installing SSL for the first ...

    • Is my survey SSL protected?

      All our surveys are SSL protected. Secure Sockets Layer or SSL is a standard security protocol that is used to establish encrypted links between a web server and a browser in any online communication. This technology ensures that all the data that is ...

    • I get an error while saving documents over HTTPS URL scheme. What am I doing wrong?

      You will get save document error present over HTTPS URL scheme in any of the following cases: SSL Certificate of your saveurl does not match your registered domain name. Please check the authenticity of your SSL Certificate from the ...