Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Web Help Desk (WHD) > Apply an SSL certificate to the Web Help Desk Virtual Appliance Management site

Apply an SSL certificate to the Web Help Desk Virtual Appliance Management site

Overview

Complete the steps in this article to apply an SSL certificate to the Web Help Desk virtual appliance (VA). This procedure applies to a SolarWinds Web Help Desk VA with an embedded virtual appliance management interface (VAMI) running on port 5480.

Access the VAMI site at https://[VA_HOST]:5480.

Environment

All Web Help Desk versions

Steps

Self-signed SSL Certificate

  1. SSH to the VA as user admin.
  2. Switch to user root: 

    sudo su -
  3. Create a backup folder and switch to that folder.

    mkdir VAMI_BAK
    cd VAMI_BAK
  4. Create a backup of the current self-generated certificates and OpenSSL configuration.

    cp /opt/vmware/etc/sfcb/*.pem ./ 
    cp /opt/vmware/etc/ssl/openssl.conf ./
  5. Create a work directory for the generated self-signed certificates.

    mkdir WORK
  6. Switch to the work directory.

    cd WORK
  7. Configure OpenSSL to put in the SSL Certificate details: 
    1. vi /opt/vmware/etc/ssl/openssl.conf 
    2. Press A to enter edit mode 
    3. Modify the following lines: 
      • commonName= 
      • organizationName= 
      • organizationalUnitName= 
      • countryName= 
    4. Save the file by pressing Esc, then :wq! 
    5. Press Enter.
  8. Run the genSslCert.sh script.

    /opt/vmware/share/sfcb/genSslCert.sh
  9. Copy and overwrite the resulting files.

    cp *.pem /opt/vmware/etc/sfcb/ -Rf 
    cat file.pem server.pem > /opt/vmware/etc/lighttpd/server.pem
  10. Restart the VAMI services: 

    /etc/init.d/vami-sfcb restart 
    /etc/init.d/vami-lighttp restart

Signed SSL Certificate

If you configured a valid certificate for the Web Help Desk VA, add the certificate to the VA management site located at https://[VA_HOST]:5480.

  1. Set the environment variables.

    export JAVA_HOME=/usr/local/webhelpdesk/bin/jre
    export PATH=$JAVA_HOME/bin:${PATH}
  2. Extract the keypair from the keystore.jks file to a PFX file. 

    keytool -importkeystore -srckeystore /usr/local/webhelpdesk/conf/keystore.jks -srcstorepass changeit -srcalias tomcat -destkeystore keystore.pfx -deststoretype PKCS12 -deststorepass changeit -destalias tomcat
  3. Extract the key file and set the following passphrase:
    openssl pkcs12 -in keystore.pfx -nocerts -out file_pass.pem 

  4. Enter changeit for the password.

  5. Set a passphrase. 

  6. Convert the key file to a non-passphrase protected key using the passphrase in the previous step.

    openssl rsa -in file_pass.pem -out file.pem- 
    
  7. Extract the signed certificate from the PFX file. When prompted, enter changeit for the keystore password.

    openssl pkcs12 -in keystore.pfx -clcerts -nokeys -out server.pem
    
  8. Create a keypair that works with lighttpd (the web server for the VA management console).

    cat file.pem server.pem > /opt/vmware/etc/lighttpd/server.pem
    
  9. Restart the lighttpd services. 

    /etc/init.d/vami-lighttp restart 
    
Last modified

Tags

Classifications

Public