Apply an SSL certificate to Web Help Desk in Linux via command line interface

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Overview

This procedure applies to the SolarWinds WebHelpDesk VA (Virtual Appliance). To apply an SSL Certificate to WHD in Linux via CLI, complete the steps below.

Environment

  • WHD
  • Linux

Steps

  1. SSH to the machine as a user with sudo access.
  2. Change to the conf directory under the WHD home folder:
    cd /usr/local/webhelpdesk/conf
  3. Edit the file /usr/local/webhelpdesk/conf/whd.conf and uncomment the line for HTTPS_PORT=443
  4. Look for KEYSTORE_PASSWORD= and take note of the password.
  5. Delete the alias tomcat from the keystore. You may also back up the keystore before doing this:
    sudo ../bin/jre/bin/keytool -delete -alias tomcat -keystore keystore.jks -storepass [the password from step 4]
  6. Generate a new key with alias tomcat:
    SHA1 Signature Algorithm: sudo ../bin/jre/bin/keytool -genkey -alias tomcat -keystore keystore.jks -keyalg RSA -keysize 2048 -validity <val_days> -storepass [the password from step 4]

    SHA2 Signature Algorithm: sudo ../bin/jre/bin/keytool -genkey -alias tomcat -keystore keystore.jks -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity <val_days> -storepass [the password from step 4]

    <val_days> = days that the key is valid, 360 for 1 year and 730 for 2 years.

    Then, at the keytool prompts:
    • Enter a CN that matches the site used in the certificate. For example, if Web Help Desk is hosted at support.example.com, your CN must be support.example.com.
    • Enter an Organization Unit (OU) that helps distinguish this certificate from others for your organization.
    • Enter an Organization Name (O), typically the name of your organization.
    • Enter a Locality Name (L). This is typically a city name.
    • Enter a State Name (ST). This should be the unabbreviated city and state/province/region/territory of your organization.
    • Enter a Country (C). This should be the two-letter ISO 3166 country code for your country.
    • Email (E) is generally optional, but may be used by your CA as the address to which the certificate will be mailed.
  7. Generate a Certificate Signing Request (CSR) file:
    sudo ../bin/jre/bin/keytool -certreq -alias tomcat -keystore keystore.jks -file <[filename].csr> -storepass [the password from step 4]
  8. Grab a copy of that .csr file and send it to your root CA to request a signed certificate.
  9. Once you have downloaded the signed certificate and root certificates, import them as follows:
    1. Copy the files to the VA using an SFTP client (like FileZilla or WinSCP) and take note of the location. 
    2. Import the Root and intermediate CA certificates (repeat the same step below for every certificate and change the alias to a different name):
      sudo ../bin/jre/bin/keytool -import -trustcacerts -alias root -file </path/to/Root CA file> -keystore keystore.jks -storepass [the password from step 4]
    3. Import the signed primary CA for WHD (tomcat):
      sudo ../bin/jre/bin/keytool -import -trustcacerts -alias tomcat -file </path/to/your.whd.authenticated cert> -keystore keystore.jks -storepass [the password from step 4]
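
To confirm that step 9 really replaced the self-signed key from step 6, the tomcat entry can be audited from a verbose keystore listing. The script below is an added example, not SolarWinds code: it assumes English-locale keytool output, the names check_tomcat_entry and sample_listing are hypothetical, and the sample listing is constructed.

```sh
# Added example, not SolarWinds code: audit the tomcat entry after step 9.
# On the appliance, pipe in: keytool -list -v -alias tomcat -keystore keystore.jks
check_tomcat_entry() {   # $1 = host name users browse to (the CN from step 6)
    awk -v host="$1" '
        /^Alias name: /               { alias = $3 }
        alias != "tomcat"             { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { chain = $4 }
        /^Certificate\[/              { idx++ }
        idx > 1                       { next }   # only the leaf certificate
        /^Owner: /                    { owner = substr($0, 8) }
        /^Issuer: /                   { issuer = substr($0, 9) }
        /^Signature algorithm name: / { sig = $4 }
        function bad(msg) { print "FAIL " msg; fails++ }
        END {
            if (type == "") { print "FAIL no tomcat alias found"; exit 1 }
            if (type != "PrivateKeyEntry")
                bad("tomcat is a " type ", so the keystore holds no private key for it")
            if (owner == issuer)
                bad("still self-signed (chain length " chain "), CA reply not imported")
            cn = (match(owner, /CN=[^,]+/) ? substr(owner, RSTART + 3, RLENGTH - 3) : "")
            if (tolower(cn) != tolower(host))
                bad("CN \"" cn "\" does not match " host)
            if (sig ~ /^SHA1with/)
                bad("leaf certificate is signed with " sig)
            if (!fails) print "OK tomcat: " cn ", chain " chain ", " sig
            exit (fails ? 1 : 0)
        }
    '
}

# Constructed, abridged keytool -list -v output; not taken from a real keystore.
sample_listing() {   # $1 = issuer DN, $2 = chain length, $3 = signature algorithm
    cat <<EOF
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: $2
Certificate[1]:
Owner: CN=support.example.com, OU=IT, O=Example Corp, L=Austin, ST=Texas, C=US
Issuer: $1
Signature algorithm name: $3
EOF
}

# Demo: a CA-signed entry passes, the untouched self-signed key from step 6 fails.
sample_listing "CN=Example Issuing CA, O=Example Corp, C=US" 2 SHA256withRSA |
    check_tomcat_entry support.example.com
sample_listing "CN=support.example.com, OU=IT, O=Example Corp, L=Austin, ST=Texas, C=US" \
    1 SHA256withRSA | check_tomcat_entry support.example.com || true
```

On the appliance, drop the demo lines and pipe the real listing into check_tomcat_entry with the host name users browse to.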

You may also refer to the PDF file below for a graphical version of the process, but this requires a separate download of the open-source tool Portecle.
 

Last modified
04:36, 23 Jun 2016
