Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Web Help Desk (WHD) > Apply an SSL certificate to the Web Help Desk Virtual Appliance Management site

Apply an SSL certificate to the Web Help Desk Virtual Appliance Management site


Complete the steps in this article to apply an SSL certificate to the Web Help Desk virtual appliance (VA). This procedure applies to a SolarWinds Web Help Desk VA with an embedded virtual appliance management interface (VAMI) running on port 5480.

Access the VAMI site at https://[VA_HOST]:5480.


All Web Help Desk versions


Self-signed SSL Certificate

  1. SSH to the VA as user admin.
  2. Switch to user root: 

    sudo su -
  3. Create a backup folder and switch to that folder.

    mkdir VAMI_BAK
    cd VAMI_BAK
  4. Create a backup of the current self-generated certificates and OpenSSL configuration.

    cp /opt/vmware/etc/sfcb/*.pem ./ 
    cp /opt/vmware/etc/ssl/openssl.conf ./
  5. Create a work directory for the generated self-signed certificates.

    mkdir WORK
  6. Switch to the work directory.

    cd WORK
  7. Configure OpenSSL to put in the SSL Certificate details: 
    1. vi /opt/vmware/etc/ssl/openssl.conf 
    2. Press A to enter edit mode 
    3. Modify the following lines: 
      • commonName= 
      • organizationName= 
      • organizationalUnitName= 
      • countryName= 
    4. Save the file by pressing Esc, then :wq! 
    5. Press Enter.
  8. Run the script.

  9. Copy and overwrite the resulting files.

    cp *.pem /opt/vmware/etc/sfcb/ -Rf 
    cat file.pem server.pem > /opt/vmware/etc/lighttpd/server.pem
  10. Restart the VAMI services: 

    /etc/init.d/vami-sfcb restart 
    /etc/init.d/vami-lighttp restart

Signed SSL Certificate

If you configured a valid certificate for the Web Help Desk VA, add the certificate to the VA management site located at https://[VA_HOST]:5480.

  1. Set the environment variables.

    export JAVA_HOME=/usr/local/webhelpdesk/bin/jre
    export PATH=$JAVA_HOME/bin:${PATH}
  2. Extract the keypair from the keystore.jks file to a PFX file. 

    keytool -importkeystore -srckeystore /usr/local/webhelpdesk/conf/keystore.jks -srcstorepass changeit -srcalias tomcat -destkeystore keystore.pfx -deststoretype PKCS12 -deststorepass changeit -destalias tomcat
  3. Extract the key file and set the following passphrase:
    openssl pkcs12 -in keystore.pfx -nocerts -out file_pass.pem 

  4. Enter changeit for the password.

  5. Set a passphrase. 

  6. Convert the key file to a non-passphrase protected key using the passphrase in the previous step.

    openssl rsa -in file_pass.pem -out file.pem- 
  7. Extract the signed certificate from the PFX file. When prompted, enter changeit for the keystore password.

    openssl pkcs12 -in keystore.pfx -clcerts -nokeys -out server.pem
  8. Create a keypair that works with lighttpd (the web server for the VA management console).

    cat file.pem server.pem > /opt/vmware/etc/lighttpd/server.pem
  9. Restart the lighttpd services. 

    /etc/init.d/vami-lighttp restart 
Last modified
14:45, 21 Mar 2017