Configuring the custom SSL Certificate for DPA

Configuring the custom SSL Certificate for DPA

DPA users would like to use their own SSL certificate for the DPA website in many scenarios.

The DPA uses Tomcat as the web hosting application,

We can use a third-party application to import the certificate/key file into the keystore file.

 Note: backup the .keystore and server.xml files in <DPA-dir>\iwc\tomcat\conf prior to any configurations changes


Using Portecle application.


Portecle is a java based application, and it would require a JAVA runtime environment to open the application.

Since DPA installation already has Java installed, we can use the existing Java application to run the Jar file.

In the CMD, run the below command.


Note: The command should not contain the spaces (Program Files)

To avoid this, first change the directory to the JRE folder and then run the command to open the portecle.jar


Windows: <DPA-dir>\iwc\jre\bin\java.exe -jar <Portecle-dir>\portecle.jar

Linux: <DPA-dir>/iwc/jre_linux/bin/java -jar <Portecle-dir>/portecle.jar

Assuming the user already has the signed certificate in .jks, .p12, .pfx , .pem formats

  1. Open the current keystore by clicking File > Open Keystore File.


  1. Browse into the <DPA-dir>\iwc\\tomcat\conf

Select the ’All files ‘ in ’Files of Type ‘field

  1. Open the .keystore file. When prompted, enter ‘changeit’ as the password

Note: the default password is ‘changeit’ unless your administrator did not change the default password to something else.

  1. By default, the DPA will assign a self-signed certificate to the website.

You can verify that by right-click on the tomcat > Certificate details

Review the certificate details.

  1. Remove the existing tomcat entry by

Right click on Tomcat and delete.

  1. Importing the new key pair

Tools > Import Key pair

  1. Select new .pfx file.
  2. Enter the administrator provided key pair password.

Click on the Certificate details and verify the information.

  1. Enter tomcat for alias.

  1. Enter password

Note: Here we can use the default password ‘changeit’

If we choose to have our own password, we must update the password in the server.xml

  1. File > Save Keystore


  1. Verify the certificate details right-click on the tomcat > Certificate details
  2. Restart DPA services by running the ‘shutdown’ and ‘startup’ windows batch files


Additional steps

If the password entered in step 10 is an own password

  1. Open the server.xml file in <DPA-dir>\iwc\tomcat\conf
  2. Add the following attributes in



  1. Save the xml file

Additional changes

1. If required, we can change the default DPA website port as per the requirement. In the above test platform, I have changed it to port 443 where the DPA website is now accessible on port 443.

2. We can use another .keystore file instead of the default if required. Update the correct keystorefile value to point to the necessary file.


Perform the service restart in DPA.