Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Web Help Desk (WHD) > Apply an SSL certificate to Web Help Desk in Linux via command line interface

Apply an SSL certificate to Web Help Desk in Linux via command line interface

Table of contents
Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 317 Votes: 1 Revisions: 9

Overview

This procedure applies to the SolarWinds WebHelpDesk VA (Virtual Appliance). To apply an SSL Certificate to WHD in Linux via CLI, complete the steps below.

Environment

  • WHD
  • Linux

Steps

  1. SSH to the machine as a user with sudo access.
  2. Change the directory to the WHD home folder:
    cd /usr/local/webhelpdesk/conf
  3. Edit the file /usr/local/webhelpdesk/conf/whd.conf and uncomment the line for HTTPS_PORT=443
  4. Look for KEYSTORE_PASSWORD= and take note of the password.
  5. Delete the alias tomcat from the keystore. You may also backup the keystore before doing this:
    sudo ../bin/jre/bin/keytool -delete -alias tomcat -keystore keystore.jks -storepass [the password from step 3]
  6. Generate a new key with alias tomcat:
    SHA1 Signature Algorithm: sudo ../bin/jre/bin/keytool -genkey -alias tomcat -keystore keystore.jks -keyalg RSA -keysize 2048 -validity <val_days> -storepass [the password from step 3]
    
    SHA2 Signature Algorithm: sudo ../bin/jre/bin/keytool -genkey -alias tomcat -keystore keystore.jks -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity <val_days> -storepass [the password from step 3]

    <val_days> = days that the key is valid, 360 for 1 year and 730 for 2 years.

    then
    • Enter a CN that matches the site used in the certificate For example, if Web Help Desk is hosted at support.example.com, your CN must be support.example.com. 
    • Enter an Organization Unit (OU) that helps distinguish this certificate from others for your organization.  
    • Enter an Organization Name (O), typically name for your organization.  
    • Locality Name (L). This is typically a city name. 
    • Enter a State Name (ST). This should be the unabbreviated city and state/province/region/territory of your organization. 
    • Enter a Country (C) This should be the two letter ISO 3166 country code for your country.  
    • Email (E) is generally optional, but may be used by your CA as the address to which the certificate will be mailed.
  7. Generate a CSR file or Certificate Signing Request file:
    sudo ../bin/jre/bin/keytool -certreq -alias tomcat -keystore keystore.jks -file <[filename].csr> -storepass [the password from step 3]
  8. Grab a copy of that .csr file and send it to your root CA to request for a signed certificate.
  9. Once you have already downloaded the signed certificate and root certificates, you can then import them as follows:
    1. Copy the files to the VA using an SFTP client (like FileZilla or WinSCP) and take note of the location. 
    2. Import the Root and intermediate CA certificates (repeat the same step below for every certificate and change the alias to a different name):
      sudo ../bin/jre/bin/keytool -import -trustcacerts -alias root -file </path/to/Root CA file> -keystore keystore.jks -storepass [the password from step 3]
    3. Import the singed primary CA for WHD (tomcat):
      sudo ../bin/jre/bin/keytool -import -trustcacerts -alias tomcat -file </path/to/your.whd.authenticated cert> -keystore keystore.jks -storepass [the password from step 3]

You may also refer to this PDF file below for the graphical version of the process but this will require a separate download of the OpenSource tool - Portecle.
 

Last modified

Tags

Classifications

Public