Submit a ticketCall us

WebinarWebinar: A checklist for planning your Network Performance Monitor (NPM) upgrade

Are you ready for your next upgrade? To help you plan smoothly, join this webcast to learn more about, SolarWinds® Orion® Installer, SolarWinds Upgrade Advisor, Upgrades Guides, Training Videos, and other resources available. We’ll share key upgrade planning considerations, lessons learned from customers with practical advice from SolarWinds Product Experts. We’ll also give practical tips to identify the estimated time needed and resources, how to prepare the business and IT staff for changes, ways to plan for required system changes, and more.

Register now.

Home > Success Center > Web Help Desk (WHD) > WHD - Knowledgebase Articles > How to create a self signed certificate in Linux

How to create a self signed certificate in Linux

Table of contents

Updated March 8, 2018


This guide will help you create a self-signed certificate for the Linux OS for use with Web Help Desk.


  • All Linux versions
  • Web Help Desk, all versions


  1. SSH to the machine as a user with sudo access.
  2. Change the directory to the WHD home folder:
    cd /usr/local/webhelpdesk/conf
  3. Edit the file /usr/local/webhelpdesk/conf/whd.conf:
    1. Uncomment the line for HTTPS_PORT=443.
    2. Look for KEYSTORE_PASSWORD= and take note of the password.
  4. Back up the keystore, and then delete the alias "tomcat" from the keystore:
    sudo ../bin/jre/bin/keytool -delete -alias tomcat -keystore keystore.jks -storepass [the password from step 3]
  5. Generate a new key with alias "tomcat":
    1. Enter the following SHA2 Signature Algorithm:
      sudo ../bin/jre/bin/keytool -genkey -alias tomcat -keystore keystore.jks -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity <val_days> -storepass [the password from step 3]
      where <val_days> = days that the key is valid (for example, 360 for 1 year and 720 for 2 years)
    2. Enter a CN that matches the site used in the certificate For example, if Web Help Desk is hosted at, your CN must be
    3. Enter an Organization Unit (OU) that helps distinguish this certificate from others for your organization. 
    4. Enter an Organization Name (O), typically name for your organization. 
    5. Enter a Locality Name (L). This is typically a city name.
    6. Enter a State Name (ST). This should be the unabbreviated city and state/province/region/territory of your organization.
    7. Enter a Country (C). This should be the two letter ISO 3166 country code for your country. 
    8. Email (E) is generally optional, but may be used by your CA as the address to which the certificate will be mailed.
  6. Generate a CSR file or Certificate Signing Request file:
    sudo ../bin/jre/bin/keytool -certreq -alias tomcat -keystore keystore.jks -file <[filename].csr> -storepass [the password from step 3]
  7. Grab a copy of that .csr file and send it to your root CA to request for a signed certificate.
  8. After you have downloaded the signed certificate and root certificates, you can then import them as follows:
    1. Copy the files to the VA using an SFTP client (like FileZilla or WinSCP) and take note of the location.
    2. Import the Root and intermediate CA certificates (repeat the same step below for every certificate and change the alias to a different name):
      sudo ../bin/jre/bin/keytool -import -trustcacerts -alias root -file </path/to/Root CA file> -keystore keystore.jks -<storepass>
      where <storepass> is the password from step 3
    3. Import the singed primary CA for WHD (tomcat):
      sudo ../bin/jre/bin/keytool -import -trustcacerts -alias tomcat -file </path/to/your.whd.authenticated cert> -keystore keystore.jks -storepass [the password from step 3]

See the admin guide for more information about managing keys and certificates in Web Help Desk.


CSR Linux, CSR, self-signed linux, self-signed

Last modified