This extra documentation can help you when installing the SSL certificate
1. What we need for the importation
- The intermediate certificates included in the path. One file per certificate (.crt or .cer).
- The certificate of our domain name. It contains the entire path, the certificate and the CA reply. One file (.crt or cer).
- The key Pair or Private Key used to do the request. (See section how to do a request for further information).
- The Terminal Service Plus web server keystore file (cert.jks).
- The add-on Portecle we provide to manage the keystore files.
In our example, we suppose that we generated the key pair with Portecle in cert.jks (See section How to do a request).
So we presume the generated key pair is already in cert.jks. If the key was created with another tool, it must be imported in cert.jks.
2. Importation of a Key Pair or Private Key
Only if created with another tool than Portecle, otherwise, see directly chapter 3 below.
Copy the file of your certification which contains .pfk and crt files to the TSplus Server, on this path: "\Program Files (x86)\TSplus\Clients\webserver".
We first make a copy of the file cert.jks to have a backup. We open the original file cert.jks (which password is 'secret').
Then right click on the key pair jwts, choose Delete and confirm. We do not need it as we will import ours.
A Private Key in flat text format .pem cannot be imported in Portecle. You must have a .pfk or .p12 file secured format.
Report to section Trouble Shooting of this document for more information about how to get a .pfk or p12 format.
In Portecle, select / Tools / Import Key Pair. Choose the key and confirm.
Enter the password used to create the key (e.g. yourpassword).
Confirm the key pair to import
Enter the alias 'jwts'.This Alias is only the 'name' of the Key Pair, not the value taken for the domain name (e.g. mydomainname.com)
Set the new password to 'secret' (remember, it has to be 'secret').
3. Importation of the certificates
We start here with cert.jks which contains our RSA 2048 bit Key Pair used for the request.
We must import the entire certification path, one by one.
Tools / Import Trusted Certificate
Select the certificate to import.
Confirm the importation of the trusted certificate
Confirm you accept the certificate as trusted
Confirm the alias. The certificate is imported
4. Result of the importation of the certificate
Once we have imported all the certificates we received on the right path, Portecle displays them.
We can notice that the list respects the order of the path attached to the certificate.
As a result, we have the same display that was shown in the certificate properties, except the key pair that appears in Portecle above the certificate of the domain name.
5. Importation of the CA Reply
The CA Reply is the Key Pair certified by the CA. It is contained in our domain name certificate (e.g. Certificate MyDomainName.com).
This is the reason why it is important, when it is possible, to get a certificate with an exportable key.
To import the CA Reply, click right on the key pair (jwts) and choose Import CA Reply. Follow the steps and confirm the importation.
It is important to remember that the password of the Key Pair has to be 'secret'. If you have any doubt, right click on the key pair and choose set Password.
Enter CA Certs Keystore password
6. Restart the web Server
The certificates and the CA reply Key Pair have been imported. Our web server is now ready to use it.
Save the file cert.jks (file / Save). The password has to be 'secret'. Restart the Terminal Service Plus Web Server.
The certificate is now installed and shown in the address bar of the navigator when pointing https://mydomainname.com.
In the followings section, we’ll examine some trouble shootings.