Install .PFX certificate | Help desk admin guide

Install the SSL Certificate from the ServiceDesk Plus UI

In ESM setups, go to ESM directory > Import SSL Settings and in non-ESM setups, go to Admin > General Settings > Import SSL Settings.
Browse to certificate files and select the primary or domain certificate file. Only files that have the .cer, .crt, .p7b, .pfx, .keystore, or .jks extension can be selected.
Click Import to install the .pfx certificates and provide the keystore password.

If file import fails due to missing intermediate certificates, click Automatically download or Manually download to install the certificates.

Restart the application to apply the changes.

Note: You can upload a maximum of four intermediate/root certificates.

In case of connectivity issues, install the PKCS12 certificate manually .

Manual Installation PKCS12 (.pfx) Certificate

A PKCS12 (.pfx) certificate stores the key pair and the SSL certificate in a single encrypted file.

Follow these steps to install the certificate:

Stop the application.
Copy the PKCS12 (.pfx) file to <installation directory>conf.

For versions earlier than 9400, copy the file to <installation directory>serverdefaultconf

Switch the application to the https mode by changing the web server port to its default port 443 or to any other desired port.
Go to <installation directory>conf and open the server.xml file in a text editor.

For versions 9.2 and 9.3, go to <installation directory>serverdefaultdeployjbossweb-tomcat70.sar

For versions earlier than 9.1, go to <installation directory>serverdefaultdeployjbossweb-tomcat50.sar

Locate the Connector SSLEnabled="true" string, insert keystoreType="pkcs12" and replace the following attributes with values as shown:

Attribute

Value

keystoreFile

conf/<your file name>.pfx

keystorePass

For versions earlier than 10.0, type your plain text password as is.

For versions 10.0 and later, paste the encrypted password.

Restart the application. Note that the application will now run in secure mode.

The following code displays the server.xml file after the required changes.

<Connector SSLEnabled="true" URIEncoding="UTF-8"

ciphers="TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_ GCM_SHA256, TLS_ECDHE_RSA _WITH_ÃES_256_GCM_SHA384" clientAuth="false" compressableMimeType="text/css, text/javascript, application/javascript, text/plain, text/html,application/json" compression="on" compressionMinSize="2048" enableLookups="false" keystoreFile="conf/sdp.pfx" keystorePass="<encrypted password>" keystoreType="pkcs12" maxPostSize="-1" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" parseBodyMethods="POST,PUT,DELETE" port="8989" protocol="com.managengine.servicedesk.protocol.ExtendedHttp11Protocol" scheme="https" secure="true" server="-" sslEnabledProtocols="TLSv1.2,TLSv1.1.TLSv1" sslProtocol="TLS"/>

How to encrypt your password in ServiceDesk Plus.

At the command prompt, change to <installation directory>bin

For versions earlier than 10.5, run:

encrypt.bat "<your password>"

For versions 10.5 and later, run:

encrypt.bat -a aes256 -v "<your password>"

The encrypted password will be displayed in the next line.