Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Web Help Desk (WHD) > WHD - Knowledgebase Articles > Apply an SSL certificate to the Web Help Desk Virtual Appliance Management site

Apply an SSL certificate to the Web Help Desk Virtual Appliance Management site


Complete the steps in this article to apply an SSL certificate to the Web Help Desk virtual appliance (VA). This procedure applies to a SolarWinds Web Help Desk VA with an embedded virtual appliance management interface (VAMI) running on port 5480.

Access the VAMI site at https://[VA_HOST]:5480.


All Web Help Desk versions


Self-signed SSL Certificate

  1. SSH to the VA as user admin.
  2. Switch to user root: 

    sudo su -
  3. Create a backup folder and switch to that folder.

    mkdir VAMI_BAK
    cd VAMI_BAK
  4. Create a backup of the current self-generated certificates and OpenSSL configuration.

    cp /opt/vmware/etc/sfcb/*.pem ./ 
    cp /opt/vmware/etc/ssl/openssl.conf ./
  5. Create a work directory for the generated self-signed certificates.

    mkdir WORK
  6. Switch to the work directory.

    cd WORK
  7. Configure OpenSSL to put in the SSL Certificate details: 
    1. vi /opt/vmware/etc/ssl/openssl.conf 
    2. Press A to enter edit mode 
    3. Modify the following lines: 
      • commonName= 
      • organizationName= 
      • organizationalUnitName= 
      • countryName= 
    4. Save the file by pressing Esc, then :wq! 
    5. Press Enter.
  8. Run the script.

  9. Copy and overwrite the resulting files.

    cp *.pem /opt/vmware/etc/sfcb/ -Rf 
    cat file.pem server.pem > /opt/vmware/etc/lighttpd/server.pem
  10. Restart the VAMI services: 

    /etc/init.d/vami-sfcb restart 
    /etc/init.d/vami-lighttp restart

Signed SSL Certificate

If you configured a valid certificate for the Web Help Desk VA, add the certificate to the VA management site located at https://[VA_HOST]:5480.

  1. Set the environment variables.

    export JAVA_HOME=/usr/local/webhelpdesk/bin/jre
    export PATH=$JAVA_HOME/bin:${PATH}
  2. Extract the keypair from the keystore.jks file to a PFX file. 

    keytool -importkeystore -srckeystore /usr/local/webhelpdesk/conf/keystore.jks -srcstorepass changeit -srcalias tomcat -destkeystore keystore.pfx -deststoretype PKCS12 -deststorepass changeit -destalias tomcat
  3. Extract the key file and set the following passphrase:
    openssl pkcs12 -in keystore.pfx -nocerts -out file_pass.pem 

  4. Enter changeit for the password.

  5. Set a passphrase. 

  6. Convert the key file to a non-passphrase protected key using the passphrase in the previous step.

    openssl rsa -in file_pass.pem -out file.pem- 
  7. Extract the signed certificate from the PFX file. When prompted, enter changeit for the keystore password.

    openssl pkcs12 -in keystore.pfx -clcerts -nokeys -out server.pem
  8. Create a keypair that works with lighttpd (the web server for the VA management console).

    cat file.pem server.pem > /opt/vmware/etc/lighttpd/server.pem
  9. Restart the lighttpd services. 

    /etc/init.d/vami-lighttp restart 
Last modified