Professional Documents
Culture Documents
guide
www.exchangereporterplus.com
Overview of Exchange Reporter Plus
Exchange Reporter Plus is a web-based reporting, change auditing, monitoring and content search
tool for Exchange Server, Exchange Online, and Skype for Business. It features more than 450 reports
on various Exchange entities such as mailboxes, mail traffic, public folders, OWA, and ActiveSync,
along with usage and configuration details about Skype for Business Server.
Exchange Reporter Plus is web-based software, so it's important to secure the communication
between the browser and the solution's server. SSL is standard security technology for establishing
an encrypted secure channel for communication between browsers and servers, and is used to
secure Exchange Reporter Plus' communication, too. This document explains in detail about:
www.exchangereporterplus.com 01
Step 1: Enabling SSL in Exchange Reporter Plus
1. Log in to Exchange Reporter Plus with admin credentials.
3. Under Connection Settings, check the Enable SSL Port [https] box.
5. To Encrypt the Keystore Password, select the checkbox and enter the password to be encrypted.
6. Click Save.
2. Navigate to the <installation directory>\jre\bin folder, and execute the following command:
keytool -genkey -alias tomcat -keypass <your key password> -keyalg RSA -validity 1000 -key
store<keystore_name>.keystore
www.exchangereporterplus.com 02
3. After executing the above command, you will be prompted to answer the following questions:
a. Enter the keystore password. (Enter the key password you used in the above command or
use plain characters like changeit instead.)
b. What is your first and last name? (You can either provide the machine name or the fully
qualified domain name (FQDN) of the server hosting Exchange Reporter Plus here.)
Once you have answered these questions, acknowledge that the entered information is correct for
the keystore file to be created.
2. Navigate to the <installation directory>\jre\bin folder, and execute the following command:
keytool -certreq -alias tomcat -keyalg RSA -keystore < keystore_name >.keystore -file
<csr_name>.csr
Note: The CSR file should be submitted to the certifying authority (CA) to receive CA-signed
certificate files. Refer to the steps given in Appendix A to request a certificate from an internal CA.
www.exchangereporterplus.com 03
C. Adding a certificate authority-signed certificate to the keystore
Note: To add the CA-signed SSL certificates to the keystore, use the instructions listed for the specific
vendors below. These instructions might change depending on the certificate issued by the CA.
Please ensure you replace the example values given inside < >.
2. Open an elevated Command Prompt and navigate to the <installation directory>\jre\bin folder.
3. To import the certificate into a .keystore file, run the commands from the list given below
(as applicable to your CA):
A. If your CA is GoDaddy
B. If your CA is Verisign
C. If your CA is Comodo
ii. keytool -import -alias cross -keystore <Keystore_Name>.keystore -trustcacerts -file gd_cross_
intermediate.crt
iii. keytool -import -alias intermediate -keystore <Keystore_Name>.keystore -trustcacerts -file gd_in
termediate.crt
iv. keytool -import -alias <Alias Specified when creating the Keystore> -keystore <Key
store_Name>.keystore -trustcacerts -file <CertificateName>.crt
<your_intermediate_certificate_name>.cer
ii. keytool -import -alias <Alias Specified when creating the Keystore> -keystore <Key
store_Name>.keystore -trustcacerts -file <CertificateName>.cer
www.exchangereporterplus.com 04
ii. keytool -import -trustcacerts -alias addtrust -file UTNAddTrustServerCA.crt -keystore <Key
store_Name>.keystore
iv. keytool -import -trustcacerts -alias essentialSSL -file essentialSSLCA.crt -keystore <Key
store_Name>.keystore
v. keytool -import -trustcacerts -alias <Alias Specified when creating the Keystore> -file <Certifi
cate-Name>.crt -keystore <Keystore_Name>.keystore
Note: If your certificate is in CER, CRT, PEM, or any other format, convert it to the P7B format first,
and then proceed with installation. Refer to Appendix B to learn how to convert certificates to P7B
format.
3. Execute the following command: Keytool -import -alias tomcat -trustcacerts -file cert.p7b -key
store <certificate_file_name>.keystore
4. Copy the keystore file to: <installation directory>\conf (by default: C:\ManageEngine\Exchange
Reporter Plus\conf).
www.exchangereporterplus.com 05
6. Edit the server.xml file by replacing the value of the following SSL connector tags at the bottom of
the page:
keystorePass password with whatever password you entered during the CSR generation.
8. Restart Exchange Reporter Plus. If you are able to view the Exchange Reporter Plus login console
without any warning from the browser, you have successfully installed your SSL certificate in
Exchange Reporter Plus.
1. Copy the PFX/PKCS12 certificate file and paste it under the path <installation directory>\conf.
(By default: C:\ManageEngine\Exchange Reporter Plus\conf.)
2. Open the server.xml file (present in <installation directory>\conf) in a text editor of your choice.
Go to the end of the XML file, and search for the Connector tag that starts with <Connector
SSLEnabled=”true” ……/>.
4. Restart ExchangeReporter Plus. If you are able to view the Exchange Reporter Plus login console
without any warning from the browser, you have successfully installed your SSL certificate in
Exchange Reporter Plus.
www.exchangereporterplus.com 06
Appendix A
Request a certificate from Microsoft Certificate Services (internal CA)
1. Connect to Microsoft Certificate Services, and click the Request a certificate link.
3. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a
renewal request by using a base-64-encoded PKCS #7 file.
4. Open the CSR file using an editor, copy the content, and paste it under Saved Request.
7. The certificate will be issued when you click the Download certificate chain link and select the
PKCS #7 Certificates types. The downloaded file name should be certnew.p7b.
Note: Copy and paste the certificate file to the <installation directory>\jre\bin folder.
8. Click the Home tab in the top-right corner, and click the Download a CA certificate, chain
certificate, or CRL link to download the CA root certificate.
9. Click the Download CA certificate link and save the root certificate. The downloaded file name
should be certnew.cer.
Note: Copy and paste the certificate file to the <installation directory>\jre\bin folder.
10. Navigate to <installation directory>\jre\bin using Command Prompt to import the internal CA
certificate into the .keystore file by executing the following command: keytool –import
–trustcacerts –alias tomcat –file certnew.p7b –keystore <keystore_name >.keystore
11. Add your internal CA's root certificate to the list of trusted CAs in the Java cacerts file by
executing the following command: keytool -import -alias <internal CA_name> -keystore
..\lib\security\cacerts -file certnew.cert
Note: Open the certnew.cer file to get the internal CA name, and provide a suitable password
when prompted.
www.exchangereporterplus.com 07
Appendix B
Steps to convert CER, CRT, and PEM certificates to P7B format
5. Type the File Name, or browse to export the specific file in P7B format.
Exchange Reporter Plus is an analysis, monitoring, and change auditing solution for Exchange Online and Exchange
Servers. It features over 450 unique reports on various Exchange entities such as mailboxes, public folders, Outlook
Web Access, and ActiveSync. Customize reports to track room mailbox usage, break down email response times, and
locate messages based on keywords in their content. Configure alerts in Exchange Reporter Plus for instant notifica-
tions on critical changes that require your immediate attention.