Documentation for Web Help Desk

Certificate troubleshooting tips

If you experience issues when importing CA certificates, ensure that your settings are correct and there are no errors in your procedures.

Select the CA certs keystore

In Porteclé, navigate to Tools > Options and select Use CA Certs Keystore. When completed, Porteclé checks the built-in Java certificates to establish trust.

Import certificates in order

Porteclé requires you to import all certificates in order, beginning with the most trusted certificate (for example, root certificate, intermediate certificate issued by the root, the certificate issued by that certificate, and so on). If you import a certificate out of order, Porteclé generates an error stating it cannot establish trust. You should not be asked to confirm trust for any certificate other than the root certificate.

Additionally, do not import your own certificate using the Tools > Import Trusted Certificates menu option. This option is only for importing root and chain certificates. Instead, right-click your tomcat keypair and select Import CA Reply.

Use identical keypair and keystore passwords

Ensure that the passwords set for the keypair and the keystore are identical and match the KEYSTORE_PASSWORD setting in the <WebHelpDesk>/conf/whd.conf file (the default password is changeit). To set the keypair password, right-click the tomcat keypair and select Set password. To set the keystore password, select Tools > Set Keystore Password.

Save your keystore

Ensure that your keystore is saved to:

<WebHelpDesk>/conf/keystore.jks

Enable your changes

Restart Web Help Desk to ensure changes in Porteclé or the whd.conf file are enabled. For Windows systems, use the Web Help Desk Start/Stop utilities in the Start menu instead of the Windows Services panel. For systems running Windows Server 2008 and later, right-click and select Run As Administrator.

Prevent certificate warnings

When the host name in the address used to browse to Web Help Desk is different from the Common Name (CN) field in your certificate, a certificate warning is displayed. For example, a certificate warning is displayed if your certificate is for help.mycompany.com and you use localhost as the hostname in your URL.

Enable HTTP requests

When using HTTPS, ensure that your Setup settings are set correctly. To verify, click Setup and select Options. In the General Options screen, ensure that the Force HTTPS setting is set to Always. This setting ensures that links pointing to Web Help Desk use HTTPS.

Resolutions for common issues

The following table provides resolutions to common certificate issues.

Issue: Porteclé says my CA Reply certificate cannot be trusted.

Resolution: Porteclé does not trust the signer of your certificate. You must obtain a root certificate (or chain of certificates) from your CA that matches the issuer identity of your certificate and import them into Porteclé before importing your own certificate as a CA Reply.

You can determine the issuer of your CA reply by importing your certificate into Porteclé as a trusted certificate (instead of a CA reply) and examining the certificate details. Review the certificate details of other certificates in your keystore to see if any of them match your certificate’s Issuer attribute. If not, obtain a certificate from your CA that does match.

After you import a certificate that matches your certificate issuer, as well as any other certificates needed to trust those certificates, delete your temporarily trusted certificate and re-import it as a CA reply to your keypair.

Issue: After importing my certificate, Web Help Desk does not start.

Resolution: Open your whd.conf file in a text editor and ensure that:

  • You commented out the SSL_PORT setting.

  • Your DEFAULT_PORT and HTTPS_PORT settings are not conflicting with any other processes on the server.

  • Your KEYSTORE_PASSWORD setting matches both the password of your keystore and the password of your keypair. The default password is changeit.

Issue: After importing my certificate, Web Help Desk is OK, but my browser shows a self-signed certificate.

Resolution: Check whether your private key was generated using the DSA algorithm. DSA keys can fail with many browsers, including Internet Explorer. Try using RSA instead.
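The root-first order required under "Import certificates in order", and the Issuer matching used to resolve the "cannot be trusted" issue, can be worked out from the Subject and Issuer fields before opening Porteclé. The following is an added example, not part of the Web Help Desk documentation or Porteclé. The `Cert` type, the `import_order` function and the CA names are hypothetical, and matching is by name only with no signature verification.

```python
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str  # Subject DN as shown in the certificate details
    issuer: str   # Issuer DN as shown in the certificate details

def import_order(ca_certs, own_cert):
    """Return the CA certificates own_cert needs, root first.

    Matches Issuer to Subject by name only; it does not verify signatures.
    Raises LookupError when an issuer is missing from ca_certs.
    """
    by_subject = {c.subject: c for c in ca_certs}
    chain, wanted = [], own_cert.issuer
    while True:
        ca = by_subject.get(wanted)
        if ca is None:
            # The case Porteclé reports as "cannot establish trust".
            raise LookupError(f"missing issuer certificate: {wanted}")
        if ca in chain:
            raise ValueError(f"issuer loop at: {wanted}")
        chain.append(ca)
        if ca.issuer == ca.subject:  # self-issued, so this is the root
            break
        wanted = ca.issuer
    return chain[::-1]  # root, then each intermediate down to the direct issuer

# Constructed sample data (CA names are made up; the host name is the page's example).
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
INTERMEDIATE = Cert("CN=Example Issuing CA", "CN=Example Root CA")
OWN = Cert("CN=help.mycompany.com", "CN=Example Issuing CA")

if __name__ == "__main__":
    for step, ca in enumerate(import_order([INTERMEDIATE, ROOT], OWN), 1):
        print(f"{step}. Tools > Import Trusted Certificates: {ca.subject}")
    print(f"{step + 1}. Import CA Reply on the tomcat keypair: {OWN.subject}")
    try:
        import_order([ROOT], OWN)  # intermediate was never obtained from the CA
    except LookupError as err:
        print("Chain incomplete,", err)
```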