There are multiple ways for you to create a self-signed certificate. The steps in this topic include KeyStore Explorer, a free third-party utility. This product is not supported by IDERA and is only an example.
IDERA Dashboard must be installed prior to performing this task.
IDERA users in environments that have not yet added a certificate signed by a Certification Authority (CA) receive a warning message in their browser each time they attempt to open the SSL version of the IDERA Dashboard. Note that the default certificate provided with an IDERA product is not signed by any well-known CA and is intended only for use in testing purposes ONLY. You can resolve this issue by adding a signed CA using the steps provided in Run IDERA Dashboard over TLS (HTTPS), or you can use the following steps to resolve this issue at no certificate cost.
Adding a self-signed certificate
Creating a Certificate
- Download the free KeyStore Explorer utility from http://keystore-explorer.sourceforge.net/ and install it.
- Open KeyStore Explorer. KeyStore Explorer displays the following Quick Start options. On launch, it may ask you to download an updated Java Cryptography Extension (JCE) Unlimited Strength file.
- Click Open an existing KeyStore.
- Browse to the IDERA Dashboard conf directory, the default path is
C:\Program Files\Idera\Dashboard\WebApplication\conf, and open the keystore file.
- On the Unlock KeyStore dialog, enter "password" and then click OK.
KeyStore Explorer displays a list of any existing certificates.
- To create a new key click Generate Key Pair.
- On the Generate Key Pair window, verify the proper algorithm is selected, and then click OK.
KeyStore Explorer begins to generate a new key pair
- On the Generate New Pair Certificate window, make the following changes:
- In the Signature Algorithm list, select SHA-1 with RSA or SHA-256 with RSA. This example uses SHA-1 with RSA.
- In the Validity Period field set the number of years the certificate is valid, this example uses 5 years, and click Apply.
- Click the Edit Name button to open the Name window.
In essence, the name that you provide should match the URL that you intend to use. For example, the following image shows an entry that creates a certificate for https://localhost. For more information on each field refer to Distinguished Name Fields
Once you fill your information click OK. On the Name window Click the Edit Name icon to enter identifying information. In the Name dialog, complete each of the available fields. The entry in the Common Name (CN) field should correlate with the name of the website.
- On the Generate New Pair Certificate window click Add Extensions.
- On the Add Certificate Extensions window, click Add
- On the Add extension Type dialog select Subject Alternative Name and click OK.
- On the Subject Alternative Name Extension dialog, click the Add
On the Alternative Name dialog, select DNS Name. In the General Name Value field, enter the Fully Qualified Domain Name of the server on which the IDERA Dashboard exists. Click OK on all windows to save your changes.
- On the New Key Pair Entry Alias dialog, verify that the displayed alias matches the name of your website and then click OK.
KeyStore Explorer displays the New Key Pair Entry Password window. Type and confirm the password you want to use for the key pair, and then click OK.
This password must match the password entered in step 5.
In this case, type the following password in both input boxes:
- Verify the new line in the KeyStore Explorer certificate list, as shown in the following image.
- To delete the old certificate select the appropriate line, and then click Cut. If you get a Pasword requement use the one from step 5.
- Save the changes to the keystore file.
- Double-click on the certificate that you created, verify your details and click Export.
- On the Export Certificate dialog save the certificate in the IDERA Dashboard conf directory (e.g.
- Return to the main KeyStore Explorer window and close the application.
- Restart the Idera Dashboard Core Service and Idera Dashboard Web Application Service.
Adding a certificate
To add a certificate to the Trusted Root Certification Authorities store in Windows, refer to Manage Trusted Root Certificates.