Import third party SSL Certificate in Zoho Analytics On Premise
This procedure is common to both editions of Zoho Analytics On Premise - Professional Edition and Personal Edition.
In order to implement SSL, a web server must have an associated certificate for each external interface (IP address) that accepts secure connections.
Procedure for getting SSL Certificate for Tomcat webserver:
Following commands are to be executed from the command prompt in the directory <Zoho Analytics On Premise_Home>\jre\bin>
1. keytool -genkey -alias Analytics -keyalg RSA -keystore server.keystore
Note: i. Depending on the requirement, keysize can also be specified as an argument. In that case, the syntax of the command to be used is: keytool -genkey -alias Analytics -keyalg RSA -keysize 2048 -keystore server.keystore ii. If the keysize argument is not specified, default value taken will be 1024. It will prompt for a password. Enter the password say 'accounts'. This will be the keystore password - <keystore password>. |
Zoho Analytics On Premise file updates to be done if you use your own password instead of the default ['accounts']
If you use your own password other than the default [that is, 'accounts' in this case] then, you need to update the [own] password in the following files:
<Zoho Analytics On Premise_Home>/conf/server.xml
Search for the word 'keystorePass'. Replace the default password (accounts) specified beside this with your custom password.
Example of command execution, generating keystore file:
CN =mydomain
Enter your exact host and domain name that you wish to secure. Say, If you wish to secure http://www.mydomain.com/, then you will need to enter the exact host (www)and domain name (mydomain.com) in this field}.
If you enter mydomain.com then the certificate issued to you will only work error free on https://mydomain.com/
OU(Organization Unit)=MSP, O(Organization) = My organization, L(Location) = Los Angles, S(State) = CA, C(Country) = US.
Again it will ask for a password give the same password you gave previously <keystore password>
2. keytool -certreq -keyalg RSA -alias Analytics -file certreq.csr -keystore server.keystore
(Preserve this server.keystore in this directory itself. Don't delete this file since this will be used for import in the subsequent steps)
A "certreq.csr" file will be created in the <Zoho Analytics On Premise_Home>\jre\bin directory.
3. Submit the certreq.csr file to the CA and get the certificate file from the Certificate Authority(CA) for web server "tomcat".
Note: CA should be providing you with a Domain Certificate, Intermediate Certificate and a Root Certificate. Domain Certificate is identical to your domain, While Root and Intermediate Certificates are generic in nature and in most cases can also be downloaded from your CA's Website.
4. keytool -import -alias root -keystore server.keystore -trustcacerts -file <filename_of_the_chain_certificate>
[Chain or root Certificate file, that would be given by CA].
5. keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file <filename_of_the_intermediate_certificate>
[Intermediate Certificate file (if any), that would be given by CA].
6. keytool -import -alias Analytics -keystore server.keystore -trustcacerts -file <your_certificate_filename>
[Certificate file sent by CA to you specifically for your domain]
7. Copy the server.keystore file in the <Zoho Analytics On Premise_Home>\jre\bin directory to the following directory:
<Zoho Analytics On Premise_Home>\conf
8. Restart the Zoho Analytics On Premise service.
Vendor specific procedure to be referred in case the steps differ based on the certificate file type provided by CA.
Comodo:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/0/
Digicert:
https://www.digicert.com/ssl-certificate-installation-tomcat.htm
RapidSSL: