---
title: "SSL Configuration for SysAid In-House Edition"
slug: "ssl-configuration-for-sysaid-in-house-edition"
description: "There are two options for enabling SSL access to SysAid. If you are using a keystore certificate, you may self-sign your certificate or have an official certification authority sign your certificate."
tags: ["SysAid Classic"]
updated: 2025-11-10T15:10:14Z
published: 2025-11-10T15:10:14Z
---

# SSL Configuration for SysAid In-House Edition

If you store sensitive information in SysAid, you may want to access SysAid using an SSL connection.

Note that certain configurations of SSL acceleration are not supported by SysAid.

There are two options for enabling SSL access to SysAid:

- Option 1: [SSL Using a Keystore Certificate](/docs/ssl-configuration-for-sysaid-in-house-edition#option-1-ssl-using-a-keystore-certificate)
- Option 2: [SSL Using a PKCS #12 Certificate (.pfx file)](/docs/ssl-configuration-for-sysaid-in-house-edition#option-2-ssl-using-a-pkcs-12-certificate)

If you are using a keystore certificate, you may self-sign your certificate or have an official certification authority sign your certificate.

## Option 1: SSL Using a Keystore Certificate

You can use a keystore file as the certificate for enabling SSL access to SysAid. This process involves creating the keystore with all details of the certificate, generating a Certificate Signing Request (CSR), acquiring a signed certificate from a certification authority of your choice, importing the signed certificate back into the keystore file, and applying the certificate keystore to SysAid.

To enable SSL for SysAid using a keystore certificate:

1. On the SysAid Server, open a command prompt (Start > Run > cmd).
2. Go to the **...\SysAidServer\jre\bin** directory.
3. Run the following command:  
**keytool -genkey -alias tomcat -keyalg RSA -keystore `name`.keystore -validity 365**  
You may replace `name` with the name of your choice. The **-validity 365** option changes the certificate validity period from the default 90 days to 1 year. This option is only relevant for users with a self-signed certificate.
4. After the keytool generator has opened:
  1. Enter your desired keystore password and press **Enter**.
  2. Reenter the keystore password.
  3. For the entry "first name and last name", enter the hostname to be used for accessing the SysAid Server. For example, if you intend to access SysAid via https://helpdesk.yourcompany.com, then you need to enter helpdesk.yourcompany.com as your name.
  4. Line by line, input the remaining information and press **Enter**, until you get to the confirmation line.
  5. If the information you entered is correct, type "yes" and press **Enter**. If you made a mistake, type "no" and press **Enter** to go back.
  6. When you are prompted to input a key password for Tomcat, do not type anything and simply press **Enter**.  
There is now a **`name`.keystore** file in the directory **...\SysAidServer\jre\bin**.

Creating a **.keystore** file

![SSLConfigfilesKeystore.jpg](https://cdn.document360.io/52d3cb6c-cc81-43c2-b6f7-cbabcb449271/Images/Documentation/SSLConfigfilesKeystore.jpg)

If you would like an official certification authority to sign your keystore certificate, you must complete steps 5 - 12. If you are satisfied with a self-signed certificate, skip to step 13.

5. Make a backup copy of the keystore file in case you need to restart the process of importing the certificate for any reason.
6. In the command prompt you opened earlier, run the following command:  
**keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore `name`.keystore -keysize 2048**
7. Enter the password for your keystore and press **Enter**. There is now a **certreq.csr** file in the directory **...\SysAidServer\jre\bin**.

**Important!**

You must save the keystore file that you use to create the **certreq.csr**. If you buy a certificate and you don't have the keystore file that you used to generate the CSR, you won't be able to use the certificate!

8. Go to the website for the certificate issuer of your choice and follow their instructions for generating your certificate using the **certreq.csr** file. Save the certificate to **...\SysAidServer\jre\bin**.
9. Download an intermediate certificate and root certificate (if applicable) from the website of the organization that issued your certificate and save them to the directory **...\SysAidServer\jre\bin**.
10. Return to the command prompt and import the root certificate into your keystore using the following command:  
**keytool -import -alias root -keystore `name`.keystore -trustcacerts -file `root_certificate_filename`**  
If you were not given a root certificate, skip this step.
11. Import the intermediate certificate into your keystore using the following command:  
**keytool -import -alias intermediate -keystore `name`.keystore -trustcacerts -file `intermediate_certificate_filename`**
12. Import your certificate into the keystore using the following command:  
**keytool -import -alias tomcat -keystore `name`.keystore -file `certificate_filename`**  
More information about using a certificate signed by an official certification authority can be found on the Apache website at [http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html](http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Installing_a_Certificate_from_a_Certificate_Authority)
13. Copy the **`name`.keystore** file to the **...\SysAidServer** directory.
14. Open the **server.xml** file located at **...\SysAidServer\tomcat\conf**.
15. If you are using a Tomcat version up through 7.0.73, find the following lines:

```xml
<!--
<Connector executor="tomcatThreadPool" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
```

**Note:**

If you cannot find this connector, you may be running a different version of Tomcat. Try searching for a connector with the "SSLEnabled" parameter or contact SysAid Support.

Also, if you are running Tomcat version 7 up to 9, the displayed protocol is "org.apache.coyote.http11.Http11Protocol". If you are running version 9 or higher, the protocol is "org.apache.coyote.http11.Http11NioProtocol".

  1. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->).
  2. Immediately after **sslProtocol="TLS"** and before **/>**, insert:  
**keystoreFile="C:\Program Files\SysAidServer\`name`.keystore" keystorePass="`password`"**

Your **server.xml** should now look like this:

```xml
<Connector executor="tomcatThreadPool" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\name.keystore" keystorePass="password" />
```

16. If you are using Tomcat version 8.5.32 or higher, find the following lines:

```xml
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
```

**Note:** If you cannot find this connector, you may be running a different version of Tomcat. Try searching for a connector with the "SSLEnabled" parameter or contact SysAid Support.

  1. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->).
  2. After the SSLEnabled parameter, enter the following text: **scheme="https" secure="true">**.
  3. In the **certificateKeystoreFile** attribute, replace the attribute value with the path of your keystore file.  
**certificateKeystoreFile="C:\Program Files\SysAidServer\`name`.keystore"**
  4. After the keystore file path, enter the **certificateKeystorePassword** parameter with your password. **certificateKeystorePassword="`password`"**

Your **server.xml** should now look like this:

```xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
scheme="https" secure="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="C:\Program Files\SysAidServer\name.keystore"
certificateKeystorePassword="password"
type="RSA" />
</SSLHostConfig>
</Connector>
```

**Note:** You may change the port from 8443 if you so choose.

17. Save **server.xml**.
18. Restart the SysAid Server service.

You have now completed SSL configuration for SysAid. You may now access SysAid using SSL from https://`your-server-URL`:8443/, as well as from the normal connection you have been using until now.

## Option 2: SSL Using a PKCS #12 Certificate

If you already have a PKCS #12 format certificate (.pfx file extension) containing the private key, you can use that in your Tomcat configuration instead of using a keystore certificate.

To enable SSL for SysAid using a PKCS #12 certificate:

1. Copy the **`name`.pfx** file to the **...\SysAidServer** directory.
2. Open the **server.xml** file located at **...\SysAidServer\tomcat\conf**.
3. If you are using a Tomcat version up through 7.0.73, find the following lines:

```xml
<!--
<Connector executor="tomcatThreadPool" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
```

**Note:**

If you are running Tomcat version 7.0.57 or higher, the displayed protocol is "org.apache.coyote.http11.Http11Protocol".

  1. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->).
  2. After the SSLEnabled parameter, enter the following text: **scheme="https" secure="true">**.
  3. Immediately after **sslProtocol="TLS"** and before **/>**, insert:  
**keystoreFile="C:\Program Files\SysAidServer\`name`.pfx" keystoreType="PKCS12" keystorePass="`password`"**

Your **server.xml** should now look like this:

```xml
<Connector executor="tomcatThreadPool" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\name.pfx" keystoreType="PKCS12"
keystorePass="password" />
```

4. If you are using Tomcat version 8.5.32 or higher, find the following lines:

```xml
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
```

  1. Delete the comment markers at the beginning of the code (<!--) and at the end of the code (-->).
  2. After the SSLEnabled parameter, enter the following text: **scheme="https" secure="true">**.
  3. In the **certificateKeystoreFile** attribute, replace the attribute value with the path of your .pfx file.  
**certificateKeystoreFile="C:\Program Files\SysAidServer\`name`.pfx"**
  4. After the keystore file path, enter the **certificateKeystorePassword** parameter with your password. **certificateKeystorePassword="`password`"**

Your **server.xml** should now look like this:

```xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
scheme="https" secure="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="C:\Program Files\SysAidServer\name.pfx"
certificateKeystorePassword="password"
type="RSA" />
</SSLHostConfig>
</Connector>
```

**Note:** You may change the port from 8443 if you so choose.

5. Save **server.xml**.
6. Restart the SysAid Server service.

You have now completed SSL configuration for SysAid. You may now access SysAid using SSL from https://`your-server-URL`:8443/, as well as from the normal connection you have been using until now.
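
A pre-restart check for the **server.xml** edits described in Option 1 and Option 2, given here as an added example that is not part of SysAid's or Tomcat's own tooling. The function name `check_https_connectors` and the two sample documents are assumptions made for illustration; the attribute names are the ones used on this page.

```python
import xml.etree.ElementTree as ET

def check_https_connectors(server_xml_text):
    """Return a list of problems found in the SSL connectors of a server.xml string."""
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as exc:  # e.g. a doubled quote or a stray '>' inside the tag
        return [f"server.xml is not well-formed XML: {exc}"]
    # Comments are skipped by the parser, so a connector still inside <!-- --> is not seen.
    active = [c for c in root.iter("Connector") if c.get("SSLEnabled", "").lower() == "true"]
    if not active:
        return ['no active Connector with SSLEnabled="true" (still commented out?)']
    problems = []
    for conn in active:
        where = f"Connector port={conn.get('port')}"
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            problems.append(f'{where}: scheme="https" secure="true" missing')
        cert = conn.find("SSLHostConfig/Certificate")
        if cert is not None:  # Tomcat 8.5.32 or higher layout
            node, f_attr, p_attr = cert, "certificateKeystoreFile", "certificateKeystorePassword"
        else:  # layout up through Tomcat 7.0.73
            node, f_attr, p_attr = conn, "keystoreFile", "keystorePass"
        path, password = node.get(f_attr), node.get(p_attr)
        if not path or path == "conf/localhost-rsa.jks":
            problems.append(f"{where}: {f_attr} not set to your keystore")
        if password is None:
            problems.append(f"{where}: {p_attr} missing")
        for name, value in ((f_attr, path), (p_attr, password)):
            if value and value != value.strip():
                problems.append(f"{where}: {name} has leading/trailing whitespace")
        is_pfx = bool(path) and path.strip().lower().endswith(".pfx")
        if cert is None and is_pfx and node.get("keystoreType") != "PKCS12":
            problems.append(f'{where}: .pfx keystore needs keystoreType="PKCS12"')
    return problems
# Constructed samples (not from a real server); "name" and "password" are the page's placeholders.
GOOD_85 = r'''<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
 <SSLHostConfig><Certificate certificateKeystoreFile="C:\Program Files\SysAidServer\name.keystore"
  certificateKeystorePassword="password" type="RSA" /></SSLHostConfig>
</Connector></Service></Server>'''
BAD_7_PFX = r'''<Server><Service name="Catalina">
<Connector executor="tomcatThreadPool" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
 keystoreFile="C:\Program Files\SysAidServer\name.pfx" keystorePass="password " />
</Service></Server>'''
if __name__ == "__main__":
    for label, text in (("GOOD_85", GOOD_85), ("BAD_7_PFX", BAD_7_PFX)):
        print(label, check_https_connectors(text))
```

An empty list means the connector matches the layout shown in the corresponding "should now look like this" block; to check a real file, pass the contents of **server.xml** to the function before restarting the SysAid Server service.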
