Pasos para habilitar SSL

Paso 1: Definición del puerto SSL

Inicie sesión en ADAudit Plus con una cuenta que tenga privilegios administrativos.

Vaya a Admin> Configuración general> Conexión.

Enable SSL by checking the checkbox, then enter the port number [default: 8444] you plan on using for ADAudit Plus and save changes

Now stop ADAudit Plus by navigating through Start > All Programs > ADAudit Plus > Stop ADAudit Plus.

Step 2: Create the Keystore

The keystore is a password protected file that contains all the keys that the server will use for SSL transactions.

• To create the certificate keystore file, from <installation directory> \ jre \bin, execute the following command in the command prompt:

  keytool -genkey -alias tomcat -keypass <your key password> -keyalg RSA -validity 1000
  -keystore <domainName>.keystore

Provide information based on the following guidelines:

Step 3: Generate a Certificate Signing Request (CSR) and submit it to your Certifying Authority

1. Creating a Certificate Signing Request (CSR)

• To create a csr (Certificate Signing Request) file from the <installation directory> \ jre \ bin, execute the following command in the command prompt:

keytool -certreq -alias tomcat -keyalg RSA -keystore <domainName>.keystore -file
<domainName>.csr

(or)

• To create a Certificate Signing Request (CSR) with Subject Alternative Name (SAN), execute the following command in the command prompt:

   

  keytool -certreq -alias tomcat -keyalg RSA -ext
  SAN=dns:server_name,dns:server_name.domain.com,dns:server_name.domain1.com
  -keystore <domainName>.keystore -file <domainName>.csr

2. Submit the CSR file to your Certifying Authority (CA). You can locate the CSR file at <install_dir>\ADAudit Plus\jre\bin

Step 4: Add the CA signed certificates to the keystore

Add the CA signed certificates to the keystore

• Unzip the certificates returned by your CA and put them in <install_dir>/jre/bin folder
• Open the command prompt and navigate to <install_dir>/jre/bin folder
• Now, run the respective commands from the below list as applicable to your CA:

For "GoDaddy" certificates

• keytool -import -alias root -keystore <domainName>.keystore -trustcacerts -file
  gd_bundle.crt
• keytool -import -alias cross -keystore <domainName>.keystore -trustcacerts -file
  gd_cross.crt
• keytool -import -alias intermed -keystore <domainName>.keystore -trustcacerts
  -file gd_intermed.crt
• keytool -import -alias tomcat -keystore <domainName>.keystore -trustcacerts -file
  <domainName>.crt

For "Verisign" certificates

• keytool -import -alias intermediateCA -keystore <domainName>.keystore
  -trustcacerts -file < your intermediate certificate.cer>
• keytool -import -alias tomcat -keystore <domainName>.keystore -trustcacerts -file <domainName>.cer

For "Comodo" certificates

• keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore
  <domainName>.keystore
• keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt
  -keystore <domainName>.keystore
• keytool -import -trustcacerts -alias ComodoUTNServer -file
  ComodoUTNServerCA.crt - keystore <domainName>.keystore
• keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore
  <domainName>.keystore

For "Entrust" certificates

• keytool -import -alias Entrust_L1C -keystore <keystore-name.keystore> -trustcacerts
  -file entrust_root.cer
• keytool -import -alias Entrust_2048_chain -keystore <keystore-name.keystore> -
  trustcacerts -file entrust_2048_ssl.cer
• keytool -import -alias -keystore <keystore-name.keystore> -trustcacerts -file
  <domain-name.cer>

Purchased directly from Thawte

• keytool -import -trustcacerts -alias tomcat -file <certificate-name.p7b> -keystore
  <keystore-name.keystore>

Purchased through the Thawte reseller channel:

• keytool -import -trustcacerts -alias thawteca -file <SSL_PrimaryCA.cer> -keystore
  <keystore-name.keystore>
• keytool -import -trustcacerts -alias thawtecasec -file <SSL_SecondaryCA.cer> -
  keystore <keystore-name.keystore>
• keytool -import -trustcacerts -alias tomcat -file <certificate-name.cer> -keystore
  <keystore-name.keystore>>

For self signed (Internal CA) certificates:

Keytool –import –trustcacerts –alias tomcat –file certnew.p7b –keystore
<keystore_name >.keystore

Note:If you are receiving the certificates from a CA who is not in the list provided above, then contact your CA to get the commands required to add their certificates to the keystore.

Step 5: Bind the certificates to ADAudit Plus

• Copy the <domainName>.keystore file from <install_dir>\jre\bin folder and paste it in <install_dir>\conf folder
• Open ‘server.xml’ file located at <install_dir>\conf folder
• Replace the value of keystoreFile with ‘./conf/<domainName>.keystore’ and keystorePass with the password that you used in Step 1
• Save ‘server.xml’ file and close it
• Restart ADAudit Plus again for the changes to take effect.