Omniscope web server includes HTTPS support, shipping out of the box a self-signed certificate located into the omniscope-server install folder (named keystore.jks.default).


If you want to use your own fully validated SSL certificate, you need to configure the path and the password of the keystore file containing the certificate.


Go to the Admin -> Network setting section, once you enable "HTTPS" the "SSL Configuration" section will appear for you to configure the certificate.




Generating Java keystore with the full chain of certificates

Follow these 6 steps to create your Java keystore:


  1. Generate your RSA Private key
    keytool -genkey -alias myalias -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore c:\yoursite.jks
  2. Generate a CSR
    keytool -certreq -keyalg EC -alias myalias -file certreq.txt -keystore c:\yoursite.jks
  3. Use your CSR to request a new certificate from your chosen Certificate Authority (i.e. http://www.ksoftware.net/ssl_certs.html )
  4. Install the Trusted Root
    keytool -import -alias YourTrustRootCert -keystore c:\yoursite.jks -trustcacerts -file c:\YourTrustRootCert.crt
    **It may say that this root is already in the system wide store-- import it anyway.
  5. Install all the intermediate certificates
    keytool -import -alias YourTrustIntermediateCert -keystore c:\yoursite.jks -trustcacerts -file c:\YourTrustIntermediateCert.crt
  6. Install the SSL Certificate under the same Alias that the CSR was created from (e.g. myalias)
    keytool -import -alias myalias -keystore c:\yoursite.jks -trustcacerts -file c:\YourSiteCert.crt
    You should receive a message: "Certificate reply was installed in keystore" if successful.




Additional guides

To generate keys and certificates, you can follow one of these two guides: 

Generate a Self Signed Certificate using Java Keytool

Generate a Trusted Certificate