Log in Sign Up

Guides

On-Premise Platform

Configuring SSL Certificates for Secure Communication

To ensure secure communication, the Protectimus On-Premise Platform requires a properly configured SSL certificate. This section provides detailed instructions on issuing, importing, and configuring trusted SSL certificates.

1. How to issue a trusted SSL certificate for the On-Premise Platform using AD CS with Web Enrollment


Please Note:
  1. The certificate of Certification Authority (CA) has to be installed on the clients machines in your domain to integrate the On-Premise Platform with such solutions as OWA.
  2. The Common Name (CN) for which the certificate was issued has to be accessible in your domain to integrate the On-Premise Platform with such solutions as OWA.
Prerequisites:
  1. AD CS installed with Web Enrollment feature.
  2. You need to have access to the Web Server template in certsrv.
  3. Keytool and OpenSSL tools are required.

1.1. Generate a Certificate Signing Request (CSR) Using OpenSSL

  1. Generate a private key: 

    openssl genrsa -out test-server.key 2048Copy
  2. Create a CSR: 

    openssl req -new -key test-server.key -out test-server.csrCopy

1.2. Submit the CSR to AD CS to issue and download a certificate

  1. Open the AD CS web interface: 

    http://CA-Server-Name/certsrvCopy
  2. Select Request a Certificate:

    Request a Certificate

  3. Select Advanced Certificate Request:

    Advanced Certificate Request
  4. Open your .csr file in a text editor, copy its contents, and paste it into the request box.
  5. Choose the Web Server template and submit the request:

    Advanced Certificate Request
  6. The Certificate Issued page should be opened, Select Base64 encoded checkbox.
  7. Click on the Download certificate.
  8. (Optional) Click on the Download certificate chain in case you need your CA to be trusted in your domain. Import the ca-chain.pem into the Trusted Root Certification Authorities store on the clients machines.

1.3. Import a SSL certificate to the Protectimus Platform

To import the issued certificate, follow the instructions in the “2. How to Import Trusted SSL Certificate” section.

2. How to Import Trusted SSL Certificate

By default, a self-signed SSL certificate is used for the SSL connections with the Protectimus On-Premise Platform. If you would like to import your own trusted SSL certificate, follow the instructions below.

To import the SSL certificate, you will need the SSL certificate itself, the keytool, and openssl utilities.

Different SSL certificate formats are supported, including .pkcs12, .pem, .der, .pfx.

Replace names and parameters taking into account your configuration:

  1. Combine the certificate (test-server.cer) and the private key (test-server.key) into a PKCS12 file which is Java-compatible keystore (.jks) format:
openssl pkcs12 -export -in test-server.cer -inkey test-server.key -out test-server.pfxCopy
  1. Create a Java Keystore and import the .pfx file into it:
keytool -importkeystore -srckeystore test-server.pfx -srcstoretype PKCS12 -destkeystore “C:\Program Files\Protectimus\Platform\keystore.jks” -deststoretype JKSCopy
Then you need to update the protectimus.platform.properties file to apply changes.

You can find instructions in the 3.1. SSL Certificate Configuration section. Don’t forget to save the file and restart the Platform.

3. How to Configure SSL Certificate, Mail and SMS Tokens, and Specify the Path to the License File

Once you’ve successfully installed the platform, it will generate a configuration file named protectimus.platform.properties. The protectimus.platform.properties file must be located in the same directory as the executable.

This file allows you to customize the following settings:
  • Add SSL certificate for the Protectimus Platform. Different SSL certificate formats are supported, including .pkcs12, .pem, .der, .pfx.
  • Configure delivery of messages via email;
  • Configure SMPP server connection to add your SMS provider to deliver one-time passwords via SMS.
  • Specify the path to the license file. Please note that the path to the license file should be indicated with double backslashes
    (eg. C:\\some\\path\\file).
Available properties that you can add to the protectimus.platform.properties file include:

3.1. SSL Certificate Configuration


PROPERTY NAME PROTERTY STANDS FOR 
https.portCopy
 Port on which your application listens for HTTPS requests. Typically, platform uses port 8443 by default. 
https.keystore.typeCopy
 Type of keystore used to store SSL certificates and private keys. Types: JKS, PKCS12. 
https.keystore.passwordCopy
 Password required to access the keystore. 
https.keystoreCopy
 Full path to the keystore file containing SSL certificates and private keys.
Please note that the keystore file should be located in the ..\\Protectimus\\Platform folder, in the same place as the .war and .properties files. The path should be indicated with double backslashes, for example C:\\Program Files\\Protectimus\\Platform\\keystore.jks.

Example: 

https.port = 8443
https.keystore.type = JKS
https.keystore.password = **********
https.keystore = C:\\Program Files\\Protectimus\\Platform\\keystore.jksCopy

3.2. Email Message Delivery Configuration


PROPERTY NAME PROTERTY STANDS FOR 
smtp.hostCopy
 SMTP server’s hostname or IP address. 
smtp.portCopy
 Port number for SMTP server. 
smtp.userCopy
 Username or email account for authentication. 
smtp.passwordCopy
 Password associated with the username or email account. 
default.from.addressCopy
 Allows you to set the address from which emails will be sent to the user.

Example: 

smtp.host = smtp-server.com
smtp.port = 25
smtp.user = user@example.com
smtp.password = **********Copy

3.3. SMPP Server Connection Configuration


PLEASE NOTE! Additionally, you can configure settings for SMSC and ALIBABA as well.

PROPERTY NAME PROTERTY STANDS FOR 
smpp.server.loginCopy
 SMPP server login. 
smpp.server.passwordCopy
 SMPP server password. 
smpp.server.hostCopy
 Host or IP address of the SMPP server. 
smpp.server.portCopy
 Port for the SMPP server. 
smpp.message.encodingCopy
 Encoding for SMPP messages. 
smpp.from.addressCopy
 Source or sender address for SMPP messages.

Example: 

smpp.server.login = login
smpp.server.password = **********
smpp.server.host = smpp.example.com
smpp.server.port = 12000
smpp.message.encoding = UTF-8
smpp.from.address = ProtectimusCopy
If you have other questions, contact Protectimus customer support service.

Protectimus Ltd

Carrick house, 49 Fitzwilliam Square,
Dublin D02 N578, Ireland

Ирландия: +353 19 014 565
США: +1 786 796 66 64

support@protectimus.com
sales@protectimus.com

© 2025 Protectimus Ltd
© 2025 Protectimus Ltd
Table of Contents