How To Install PFX Wildcard SSL Certificate For eDiscovery Platform

How To Install PFX Wildcard SSL Certificate For eDiscovery Platform

Article: 100009142
Last Published: 2020-01-16
Ratings: 2 0
Product(s): eDiscovery Platform


A Wildcard SSL Certificate secures a website URL and an unlimited number of its subdomains.

The Wildcard SSL Certificate works the same way as a regular SSL certificate, and undergoes the same validation processes. The difference is that the Wildcard SSL Certificate extends to all of the subdomains of the domain to be secured.

For example,,, and can all be secured with a single Wildcard SSL Certificate.

Note: Some operating systems expect a dedicated and static IP for each of the subdomains that are utilizing the single wildcard certificate.


How to install a WILDCARD SSL CERTIFICATE using a PFX file:

1. Save the PFX file as a file named server.keystore in directory D:\<CWHOME>\config\templates\tomcat\ (example: D:\V83\config\templates\tomcat\server.keystore)

2. Edit file D:\<CWHOME>\config\templates\tomcat\server.xml

Add a keystoreType line after keyPass:



3. Execute Option 7 (Build Incremental Changes) from the "Clearwell Utility" application found on the desktop of the eDiscovery Platform server. This options performs various actions, including copying the server.keystore file from the templates directory to the 'live' run-time location D:\<CWHOME>\tomcat\conf\server.keystore.

The following additional steps are required for eDiscovery Platform 8.2 and above:

  1. Open the "Clearwell Comander" application found on the desktop of the eDiscovery Platform server.
  2. From the Action pulldown, select Stop Appliance Services. Wait for all services to stop.
  3. Go to Action and select Copy Tomcat Provider-Signed Certificate to Windows Trust Store
  4. Select Start Appliance Services. Then quit "Clearwell Commander" from the “File” menu.

Note: For eDiscovery Platform 8.2 and above, the PFX file must meet the following criteria, in order for the "Clearwell Commander" utility to access it successfully:
  1. The PFX file must be named server.keystore and must exist in location D:\<CWHOME>\config\templates\tomcat\server.keystore.
  2. The password of the PFX file must be "123456".
  3. The server certificate in the PFX file must have an 'alias' and 'friendly name' that displays "clearwellkey".  To view the 'alias name', use the following command:

    keytool -list -v -keystore server.keystore

For information on requesting a wildcard SSL cert using IIS and exporting to PFX, see:

For additional information, please see the Veritas System Administration Guide for eDiscovery Platform.


Was this content helpful?