To configure the SSL certificate with the EG manager, please check whether the certificates are installed in the EG manager, if not you need to import the certificates in the EG manager.
1. To check the certificates, open the Microsoft management Console.
2. Click on file and add Add\Remove snap-ins to see the certificates
3. Move the certificates to selected snap-ins and click on Ok
4. Select the account and click on finish. You will be able to see the certificates installed on the machine.
5. Then click on the certificate folder to view the certificates
6. If the certificates aren’t installed, please import all the certificates (wild card, primary root certificate and intermediate root certificate (optional) by right clicking on the right pane of the console.
7. Click on import for the certificate import wizard and click on next.
8. Type in the decryption password and choose the file name and click on next.
9. Save all the certificates in the personal store and click on next to import the certificates.
Once you have verified the certificates, next step is to create the key store using the software Keystore explorer. Please use the link: http://keystore-explorer.org/ to download the Keystore explorer Note: It requires JRE version 1.6 and above.
a. Click on download and install the Keystore explorer
b. Once the Keystore explorer is downloaded and click on the Exe file to install the software. Choose the formats and click on next
c. Choose the destination folder and click on install to install the Keystore explorer
d. Open the Keystore explorer, it prompts the message if we don’t have the JRE 1.6
e. Click on Ok and install the latest JRE
f. Now open the Keystore explorer and click on “create a new Keystore” option to create the new Keystore file.
g. Select the keystone type as JKS and click on Ok
h. Next step is to set the Keystore password, right click on the screen and select "Set Keystore password".
i. Type the password as ‘eginnovations’ so that you don’t need to change the entry in server.xml file later
j. Once the password is set, right click on the screen again and select import key pair
k. Select the format as PKCS#12 and click on Ok.
i. Get the decryption password from the customer and choose the location where we have the wild card certificate.
j. Then click on import to choose the alias name (it is recommended to have the alias name as the FQDN of the EG manager server) and type ok to import the key pair.
k. After importing the Keystore file, save the file in the location egurkha\manager\tomcat\webapps.
l. Once you saved the file, close the Keystore explorer. Then open the existing Keystore file again from the location egurkha\manager\tomcat\webapps and check whether the file is locked and a green dot appears next to the file name. If the file is locked with the green dot, the Keystore is ready for the configuration.
m. Click on the Keystore file to view the certificate. In some cases, the customer may provide the certificate as a single file, bundled with the root certificate, intermediate certificate, and the wild card certificate as shown below:
Next step is to configure the server.xml file with the key store. Go to the location egurkha\manager\tomcat\conf and take a backup of the server.xml file
1. Edit the server.xml file and change the Keystore name with the name of the Keystore file instead of egmanager.bin. Provide the full name of the Keystore file with the file format.
2. Save and close the server.xml file. Restart the EG manager services.
3. Once the manager is started, edit the host file under the location c:\windows\system32\drivers\etc
Final step is to point the IP address with the hostname which we are going to use in the URL to access the EG manager.
Type the URL to access the EG manager if the certificate is properly configured you will be able to access the manager page without any errors as shown below: