Applying a SSL Certificate

This documentation provides the general guidelines for applying a SSL certificate. However, to import a SSL certificate into a tomcat server, it is advisable to refer the instructions published by the respective Certificate Authorities. 

Importing Wildcard SSL certificate (PEM format)

Step 1: Updating Keystore

The following commands are to be executed from the command prompt in the directory <Zoho_Analytics_Home>\jre\bin>. 

  • Input the Fully Qualified Domain Name details to the Zoho Analytics Keystore.

keytool -genkey -alias analytics -keyalg RSA -keystore server.keystore

  • Enter the password as 'accounts'. If you use your own password, please update the same after the keyword keystorePass in the following files.

    • <Zoho_Analytics>/conf/server.xml

Note: The initial prompt asking for name denotes the common name, so enter your domain name.

To delete an entry, use the following command.

  • keytool -delete -alias analytics -keystore server.keystore

Step 2: Import CA into the Keystore

  • Execute the following command:

keytool -import -alias root -keystore server.keystore -trustcacerts -file <root certificate>

  • Place the .pem and .key files under the <C:\Program Files (x86)\GnuWin32in> of OpenSSL. In case OpenSSL is not installed, please install the same to proceed.

  • Using command prompt, navigate to the OpenSSL installation folder location. (For example, <C:Program Files (x86)GnuWin32\bin>)

  • Execute the following command:

openssl pkcs12 -export -in <.pem file> -inkey <.key file> -out  ./mydomain.com.p12

​where, mydomain.com is the actual domain url that is to be used.

  • Copy the mydomain.com.p12 from this location <C:\Program Files (x86)\GnuWin32\bin>, and place it under <Zoho_Analytics\jre\bin>

  • Execute the following command using command prompt:

keytool -importkeystore -srckeystore ./mydomain.com.p12 -srcstoretype PKCS12 -destkeystore server.keystore

Step 3: Updating the changes in all modules

  • Stop the Zoho Analytics server.

  • Replacing the existing server.keystores. Copy the server.keystore file found in the <Zoho_Analytics\jre\bin> directory to the following location:

    • <Zoho_Analytics>\conf 

  • Restart the Zoho Analytics server.

Importing a PFX format

  • Copy the pfx file (name.pfx) from the following location, and open the 'server.xml' file from the same location in a word pad. (Please take a backup of the server.xml file before making any changes.) 

    • C:\Zoho\Analytics\conf

  • Locate the following entries in the server.xml file:

    • keystorePass="accounts" keystoreFile="conf/server.keystore" 

  • Replace the file name server.keystore with the pfx file name (name.pfx), and enter the keystoreType="pkcs12" after the file name. Additionally, replace the keystorePass value 'accounts' with the password for the .pfx file. The entries should look like this:

    • keystorePass="your pfx password" keystoreFile="conf/name.pfx" keystoreType="pkcs12"

  • Restart Zoho Analytics.

Installing a .P7b Certificate

Some Certificate Authorities will provide certificates with a .p7b extension. In such cases, double click the file to open a console that lists the required certificates. You can export these certificates to Base-64 encoded X.509 (.cer) files. These certificates can then be installed into the keystore file using the steps found here

To export the certificate,

  • Find the domain.P7B. Right click on the certificate, navigate to All Tasks and select the Export option.

  • The Certificate Export Wizard dialog appears. Select the export file format as Base-64 encoded X.509 (.cer), and click Next.

  • Specify the name of the file you wish to export, and click Next.

  • On successful export, verify the specified settings and click Finish

Installing certificates of common vendors

The following are the commands required to install a few common vendors' certificates. These instructions may vary based on the certificates issued by the Certificate Authorities. 

GoDaddy

Follow the steps below if GoDaddy is your Certificate Authority.

  • keytool -import -alias root -keystore server.keystore -trustcacerts -file gd_bundle.crt

  • keytool -import -alias cross -keystore server.keystore -trustcacerts -file gd_cross_intermediate.crt

  • keytool -import -alias intermediate -keystore server.keystore -trustcacerts -file gd_intermediate.crt

  • keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.crt

Verisign

Follow the steps below if Verisign is your Certificate Authority.

  • keytool -import -alias root -keystore server.keystore -trustcacerts -file <your_root_certificate_name>.cer

  • keytool -import -alias intermediateCA -keystore server.keystore -trustcacerts -file <your_intermediate_certificate_name>.cer

  • keytool -import -alias <Alias Specified when creating the Keystore> -keystore server.keystore -trustcacerts -file <CertificateName>.cer

Comodo

Follow the steps below if Comodo is your Certificate Authority.

  • keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore server.keystore

  • keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore server.keystore

  • keytool -import -trustcacerts -alias ComodoUTNServer -file ComodoUTNServerCA.crt -keystore server.keystore

  • keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore server.keystore

  • keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certificate-Name>.crt -keystore server.keystore