SynaMan » Enabling SSL

Document information

Document ID: 1109
Subject: Using SSL certificate with SynaMan or Syncrify
Creation date: 11/24/09 6:27 AM
Last modified on: 12/3/13 9:48 AM


Using SSL Certificate

NOTE: This article applies to both SynaMan and Syncrify

In order to use HTTPS with SynaMan/Syncrify, you need to purchase an SSL certificate from a certificate authority. The following article demonstrates how to generate a CSR and install a certificate for SynaMan.

NOTE: Java 2 SDK 1.2 or above must be installed before you can generate your CSR. Once installed, you will be using the "keytool" command to create your key pair and CSR.

Useful Tip

If you have purchased a certificate for an IIS server, you can reuse that certificate in both SynaMan and Syncrify.

Generating the public/private key pair

  1. Open a console (DOS prompt) on Windows or Terminal on Linux/Unix.
  2. Enter the following command.
    keytool -keysize 2048 -genkey -alias synaman -keyalg RSA -keystore synaman.keystore

  3. You will be prompted for a password. You will need this password later on.
  4. Enter Distinguished Name (DN) information:
    • First and last name - This is the Common Name: the fully-qualified domain name (FQDN), host name, or URL to which you plan to apply your certificate. Do not enter your personal name in this field.
    • Organizational unit - Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
    • City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
    • State/Province - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
    • Country code - The two-letter International Organization for Standardization (ISO) country code for the country in which your organization is legally registered.
  5. Confirm that the Distinguished Name information is correct.

This step creates a keystore, which is a file that holds your key pair and certificates.

Generating a CSR

The next step is to generate a CSR (SSL Certificate Signing Request) and submit it to a certificate authority.

  1. Enter the following command:

    keytool -certreq -keyalg RSA -alias synaman -file synaman.csr -keystore synaman.keystore

  2. Enter the keystore password you specified earlier.
  3. This creates a new file called synaman.csr. Open this file in any editor like Notepad.
  4. Cut/copy and paste the generated CSR into the enrollment form of your certificate authority.
  5. Select Tomcat as your server software.


Submit CSR and wait for response

Once you submit a CSR to a certificate authority, you have to wait for their response. It could take anywhere from a few minutes to up to two days before you get a response. The response from the certificate authority typically includes an attached file containing your certificate. Some vendors also ask you to download the certificate from a secure website rather than emailing it to you.

You will probably get more than one file from the certificate authority. An SSL certificate creates a trust relationship by creating a chain of certificates. This is analogous to saying that you trust person A, but not C. However, person A trusts person B, who then trusts C. Therefore, it is okay to trust C.

Every file you get from a certificate authority must be added to the keystore you created in the first step.

Adding certificates to the keystore

You must add certificates in the order specified by the certificate authority. The following example shows how to add a root certificate, two intermediate certificates, and finally the actual certificate that is created for you.

Importing Root Certificate

    keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore synaman.keystore

Now add two intermediary certificates. Replace Alias1, Alias2, File1 and File2 with actual values provided to you.

    keytool -import -trustcacerts -alias Alias1 -file File1.crt -keystore synaman.keystore
    keytool -import -trustcacerts -alias Alias2 -file File2.crt -keystore synaman.keystore

Finally, add the actual certificate that is meant for your copy of SynaMan using the following command.

    keytool -import -trustcacerts -alias synaman -file yourCertificate.crt -keystore synaman.keystore

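Two things can be checked before running the keytool -import commands above: that the certificate you received was issued for the key pair behind your CSR, and which order the files chain in. The shell functions below are an added example, not part of the original article or of SynaMan; they assume openssl is installed and that the files from the certificate authority are PEM encoded.

```sh
#!/bin/sh
# Added example: checks on the CA's files before the keytool -import steps.
# Assumes openssl is installed and the certificate files are PEM encoded.

# Print the subject or issuer name hash of a certificate (empty on error).
hash_of() { openssl x509 -in "$2" -noout "-${1}_hash" 2>/dev/null || true; }

# Succeed only if the certificate carries the public key that is in the CSR,
# i.e. it was issued for the key pair held under the keystore alias.
reply_matches_csr() {   # usage: reply_matches_csr synaman.csr yourCertificate.crt
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$csr_key" = "$crt_key" ]
}

# Print the given certificate files in import order: the self-signed root,
# then each certificate whose issuer is the subject of the one before it.
import_order() {        # usage: import_order file1.crt file2.crt ...
    parent="" placed=0
    for f in "$@"; do   # the root is the file whose subject equals its issuer
        s=$(hash_of subject "$f"); i=$(hash_of issuer "$f")
        if [ -n "$s" ] && [ "$s" = "$i" ]; then
            echo "$f"; parent=$s; placed=1; break
        fi
    done
    [ -n "$parent" ] || { echo "no self-signed root among the files" >&2; return 1; }
    while [ "$placed" -lt "$#" ]; do
        found=""
        for f in "$@"; do
            s=$(hash_of subject "$f"); i=$(hash_of issuer "$f")
            if [ "$i" = "$parent" ] && [ "$s" != "$i" ]; then
                echo "$f"; parent=$s; placed=$((placed + 1)); found=1; break
            fi
        done
        [ -n "$found" ] || { echo "no certificate issued by the last one printed" >&2; return 1; }
    done
}

# Typical use with the article's file names (run from the download folder):
#   reply_matches_csr synaman.csr yourCertificate.crt && import_order ./*.crt
```

If import_order stops with an error, a file in the chain is missing or does not belong to it; resolve that with the certificate authority before importing anything into synaman.keystore.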
Final Step

Replace the existing certificate with the new one: copy the synaman.keystore file to the $INSTALLDIR\htdocs\sslCert folder.

Next, look for a file called server.properties in the $INSTALLDIR/config folder. If this file does not exist, create it and append the following content:

    SSLCertificatePassword=password

Replace the password with the actual value and restart SynaMan. Once the certificate is installed, you should be able to use HTTPS rather than HTTP to connect and securely transfer files.

NOTE: If you are creating the keystore for Syncrify, rename synaman.keystore to syncrify.keystore once it has been copied to the $INSTALLDIR\htdocs\sslCert directory. If a syncrify.keystore already exists, rename it to syncrify_selfSigned.keystore before copying the keystore you have just created.

User comments

Posted by Chris on 10/4/16 2:08 AM

What are the steps / commands if the server already has a valid trusted certificate installed?

Posted by Ron C on 12/4/09 2:24 PM

RonC again. All the commands look good now -- in IE, Firefox, and Chrome. Thanks for the fix.

Posted by Andrew on 1/26/15 11:34 AM

The folder names are all different. I guess this article is geared towards the Linux installation. I couldn't get it to work. I converted the certificate to PKCS12 using keytool and used the import function of Synaman to install SSL. It worked.

Posted by RonC on 11/29/09 12:06 PM

RonC again. If you're having trouble seeing all the keytool commands, do a 'view source'. All the commands are in the page source code.

Posted by Ron C on 11/28/09 11:47 AM

The command to generate the Key Pair seems to be missing the first keyword, i.e., keytool. Shouldn't the command be something like this: keytool -genkey -alias synaman -keyalg RSA -keystore synaman.keystore Here's a link to what I see -- the commands seem to be incomplete: http://dl.dropbox.com/u/186078/synaman-ssl.png

