Configuring the custom SSL Certificate for DPA

In many scenarios, DPA users want to use their own SSL certificate for the DPA website.

DPA uses Tomcat as its web hosting application, so we can use a third-party application to import the certificate/key file into the keystore file.

Note: Back up the .keystore and server.xml files in <DPA-dir>\iwc\tomcat\conf prior to any configuration changes.

 

Using the Portecle application

Portecle is a Java-based application and requires a Java runtime environment to run.

Since the DPA installation already includes Java, we can use the existing Java runtime to run the JAR file.

In CMD, run the command below.

Note: The command must not contain spaces (for example, Program Files).

To avoid this, first change the directory to the JRE folder and then run the command to open portecle.jar.

 

Windows: <DPA-dir>\iwc\jre\bin\java.exe -jar <Portecle-dir>\portecle.jar

Linux: <DPA-dir>/iwc/jre_linux/bin/java -jar <Portecle-dir>/portecle.jar

This assumes the user already has the signed certificate in .jks, .p12, .pfx or .pem format.

  1. Open the current keystore by clicking File > Open Keystore File.

  2. Browse to <DPA-dir>\iwc\tomcat\conf

Select ‘All files’ in the ‘Files of Type’ field.

  3. Open the .keystore file. When prompted, enter ‘changeit’ as the password.

Note: The default password is ‘changeit’ unless your administrator has changed it to something else.

  4. By default, DPA assigns a self-signed certificate to the website.

You can verify this by right-clicking the tomcat entry > Certificate details.

Review the certificate details.

  5. Remove the existing tomcat entry.

Right-click the tomcat entry and delete it.

  6. Import the new key pair.

Tools > Import Key pair

  7. Select the new .pfx file.
  8. Enter the key pair password provided by the administrator.

Click Certificate details and verify the information.

  9. Enter tomcat for the alias.

  10. Enter the password.

Note: Here we can use the default password ‘changeit’.

If we choose our own password, we must update the password in server.xml.

  11. File > Save Keystore

  12. Verify the certificate details: right-click the tomcat entry > Certificate details.
  13. Restart the DPA services by running the ‘shutdown’ and ‘startup’ Windows batch files.

 

Additional steps

If the password entered in step 10 is a custom password rather than the default:

  1. Open the server.xml file in <DPA-dir>\iwc\tomcat\conf
  2. Add the following attributes in

keystorePass="<KEYSTORE_PASSWORD>" keyPass="<CERTIFICATE_KEY_PASSWORD>"

 

  3. Save the XML file.

Additional changes

1. If required, we can change the default DPA website port. On the test platform above, I changed it to port 443, so the DPA website is now accessible on port 443.

2. If required, we can use another .keystore file instead of the default. Update the keystoreFile value to point to the necessary file.

keystoreFile="conf/.keystore" 

Restart the DPA services after making these changes.
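
A check to run against server.xml after the edits above, added here as an example and not part of the original article or of DPA: it lists each TLS-enabled Connector with its port and keystoreFile and flags a missing, default or half-configured keystore password. The function name and the sample XML are constructed for illustration; in practice, pass it the contents of <DPA-dir>\iwc\tomcat\conf\server.xml.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "changeit"  # default keystore password named in the article

# Constructed sample for illustration, not a real DPA server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/.keystore"
               keystorePass="Example-Store-Pass" keyPass="Example-Key-Pass"/>
  </Service>
</Server>"""


def audit_tls_connectors(xml_text):
    """Return one finding per TLS-enabled <Connector>; passwords are never echoed."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain connector, no keystore involved
        store_pass = conn.get("keystorePass")
        issues = []
        if conn.get("keystoreFile") is None:
            issues.append("keystoreFile is not set")
        if store_pass is None:
            issues.append("keystorePass is absent, so the default password is assumed")
        elif store_pass == DEFAULT_PASSWORD:
            issues.append("keystorePass is still the default password")
        elif conn.get("keyPass") is None:
            issues.append("custom keystorePass without keyPass; the article sets both")
        findings.append({
            "port": conn.get("port"),
            "keystore_file": conn.get("keystoreFile"),
            "issues": issues,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_tls_connectors(SAMPLE_SERVER_XML):
        status = "; ".join(finding["issues"]) or "ok"
        print(f"port {finding['port']} keystore {finding['keystore_file']}: {status}")
```

Because server.xml holds these passwords in clear text, the same review is a good moment to confirm that only the DPA service account and administrators can read the conf folder.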