This extra documentation can help you when installing the SSL certificate

1. What we need for importing an SSL

  • The intermediate certificates included in the path. One file per certificate (.crt or .cer).
  • The certificate of your domain name. It contains the entire path, the certificate and the CA reply. One file (.crt or cer).
  • The key Pair or Private Key used to do the request. (See section how to do a request for further information).
  • The Remote Access web server keystore file (cert.jks).
  • The add-on Portecle we provide to manage the keystore files.

In our example, we suppose that we generated the key pair with Portecle in cert.jks (See section How to do a request).
So we presume the generated key pair is already in cert.jks. If the key was created with another tool, it must be imported in cert.jks.

2. Importing a Key Pair or Private Key

Only if created with another tool than Portecle, otherwise, see directly chapter 3 below.

Copy the file of your certification which contains .pfk and crt files to the TSplus Server, on this path: "\Program Files (x86)\TSplus\Clients\webserver".
We first make a copy of the file cert.jks to have a backup. We open the original file cert.jks (which password is 'secret').
Then right click on the key pair jwts, choose Delete and confirm. We do not need it as we will import ours.

A Private Key in flat text format .pem cannot be imported in Portecle. You must have a .pfk or .p12 file secured format.
Report to section Trouble Shooting of this document for more information about how to get a .pfk or p12 format.

Screenshot 1

In Portecle, select / Tools / Import Key Pair. Choose the key and confirm.

Enter the password used to create the key (e.g. yourpassword).

Screenshot 2

Screenshot 3

Confirm the key pair to import

Enter the alias 'jwts'.This Alias is only the 'name' of the Key Pair, not the value taken for the domain name (e.g.

Screenshot 4

Set the new password to 'secret' (remember, it has to be 'secret').

Screenshot 5

Screenshot 6

3. Importation of the certificates

Screenshot 7

We start here with cert.jks which contains our RSA 2048 bit Key Pair used for the request.

We must import the entire certification path, one by one.

Tools / Import Trusted Certificate

Screenshot 8

Select the certificate to import.

Confirm the importation of the trusted certificate

Screenshot 9

Screenshot 10

Confirm you accept the certificate as trusted

Screenshot 11

Confirm the alias. The certificate is imported

Screenshot 12

Screenshot 13

4. Result of importing the certificate

Once we have imported all the certificates we received on the right path, Portecle displays them.

We can notice that the list respects the order of the path attached to the certificate.
As a result, we have the same display that was shown in the certificate properties, except the key pair that appears in Portecle above the certificate of the domain name.

Screenshot 14

Screenshot 15

5. Importing of the CA Reply

The CA Reply is the Key Pair certified by the CA. It is contained in our domain name certificate (e.g. Certificate
This is the reason why it is important, when it is possible, to get a certificate with an exportable key.

To import the CA Reply, click right on the key pair (jwts) and choose Import CA Reply. Follow the steps and confirm the importation.
It is important to remember that the password of the Key Pair has to be 'secret'. If you have any doubt, right click on the key pair and choose set Password.

Screenshot 16

Screenshot 17

Screenshot 18

Screenshot 19

Enter CA Certs Keystore password

Screenshot 20

6. Restart the web Server

The certificates and the CA reply Key Pair have been imported. Our web server is now ready to use it.

Save the file cert.jks (file / Save). The password has to be 'secret'. Restart the Terminal Service Plus Web Server.

The certificate is now installed and shown in the address bar of the navigator when pointing

In the followings section, we’ll examine some trouble shootings.