Applying a SSL Certificate
This documentation provides the general guidelines for applying a SSL certificate. However, to import a SSL certificate into a tomcat server, it is advisable to refer the instructions published by the respective Certificate Authorities.
Importing Wildcard SSL certificate (PEM format)
Step 1: Updating Keystore
The following commands are to be executed from the command prompt in the directory <Zoho_Analytics_Home>\jre\bin>.
Input the Fully Qualified Domain Name details to the Zoho Analytics Keystore.
keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore
Enter the password as 'accounts'. If you use your own password, please update the same after the keyword keystorePass in the following files.
<Zoho_Analytics>/conf/server.xml
Note: The initial prompt asking for name denotes the common name, so enter your domain name.
To delete an entry, use the following command.
- keytool -delete -alias analytics -keystore server.keystore
Step 2: Import CA into the Keystore
Execute the following command:
keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>
Place the .pem and .key files under the <C:\Program Files (x86)\GnuWin32in> of OpenSSL. In case OpenSSL is not installed, please install the same to proceed.
Using command prompt, navigate to the OpenSSL installation folder location. (For example, <C:Program Files (x86)GnuWin32\bin>)
Execute the following command:
openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out ./mydomain.com.p12
​where, mydomain.com is the actual domain url that is to be used.
Copy the mydomain.com.p12 from this location <C:\Program Files (x86)\GnuWin32\bin>, and place it under <Zoho_Analytics\jre\bin>
Execute the following command using command prompt:
keytool -importkeystore -srckeystore ./mydomain.com.p12 -srcstoretype PKCS12 -destkeystore server.keystore
Step 3: Updating the changes in all modules
Stop the Zoho Analytics server.
Replacing the existing server.keystores. Copy the server.keystore file found in the <Zoho_Analytics\jre\bin> directory to the following location:
<Zoho_Analytics>\conf
Restart the Zoho Analytics server.
Importing a PFX format
Copy the pfx file (name.pfx) from the following location, and open the 'server.xml' file from the same location in a word pad. (Please take a backup of the server.xml file before making any changes.)
C:\Zoho\Analytics\conf
Locate the following entries in the server.xml file:
keystorePass="accounts" keystoreFile="conf/server.keystore"
Replace the file name server.keystore with the pfx file name (name.pfx), and enter the keystoreType="pkcs12" after the file name. Additionally, replace the keystorePass value 'accounts' with the password for the .pfx file. The entries should look like this:
keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"
Restart Zoho Analytics.
Installing a .P7b Certificate
Some Certificate Authorities will provide certificates with a .p7b extension. In such cases, double click the file to open a console that lists the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files. These certificates can then be installed into the keystore file using the steps found here.
To export the certificate,
Find the domain.P7B. Right click on the certificate, navigate to All Tasks and select the Export option.
The Certificate Export Wizard dialog appears. Select the export file format as Base-64 encoded X.509 (.cer), and click Next.
Specify the name of the file you wish to export, and click Next.
On successful export, verify the specified settings and click Finish.
Installing certificates of common vendors
The following are the commands required to install a few common vendors' certificates. These instructions may vary based on the certificates issued by the Certificate Authorities.
GoDaddy
Follow the steps below if GoDaddy is your Certificate Authority.
keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt
keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt
keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt
Verisign
Follow the steps below if Verisign is your Certificate Authority.
keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer
keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer
keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer
Comodo
Follow the steps below if Comodo is your Certificate Authority.
keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore
keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore
keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore
keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore
keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore