Documentation forWeb Help Desk

Import an existing certificate

By default, Web Help Desk creates a self-signed certificate. Since the certificate is not signed, it displays as not trusted. You can obtain a signed certificate from a Certificate Authority (CA), such as Comodo, GoDaddy, and others. To obtain a certificate, you can create a Certificate Request or use an existing certificate.

To use an existing certificate with Web Help Desk, import your private key and your certificate chain.

Import a self-signed or wildcard certificate

Large organizations can use a signed certificate (such as a wildcard certificate) throughout their domain. This certificate can be stored in a central location (such the Central Certificate Store (CCS) included with Windows Server 2012 and higher) and distributed on demand.

Self-signed certificates do not contain CA certificates. As a result, use your group policy object (GPO) to push the self-signed certificate to a trusted certificate store.

You can import a self-signed or wildcard certificate in a Windows Server or Linux deployment.

When you import a self-signed or wildcard certificate, the key and certificate should be included in one file. For best practice, use a PDX file.

Windows Server deployment

If you cannot import the PFX file using the Web Help Desk Administrator Console, import the file using Portecle, which is included with your Web Help Desk program files. You can download the user documentation from the Portecle website at portecle.sourceforge.net.

Self signed certificates must be pushed using GPO to a trusted certificate. A self signed certificate does not contain CA certificates.
If Web Help Desk is not installed on the C drive, Portecle will not run. As an alternative, you can use a third-party application called Keystore Explorer to import the certificate. The import process is identical. However, since Keystore Explorer is a third-party application, it is not supported by SolarWinds.
  1. Log in to the Web Help Desk host server as an administrator.

  2. Navigate to:

    C\Program Files\WebHelpDesk

  3. Back up the keystore.jks file to a safe location.

  4. Double-click Portecle.bat.
  5. In the toolbar, click File > Open Keystore File.

  6. Navigate to:

    C:\Program Files\WebHelpDesk\conf

  7. Click keystore.jks.

  8. Enter the keystore password, and then click OK.

    The password is stored in the whd.conf file. The default password is changeit.

  9. Right-click tomcat and select Delete.

  10. Click Tools > Import key pair.

    Do not import the certificate using Tools > Import Trusted Certificate, as this option will not include the private key.
  11. Select the new self-signed or wildcard PFX certificate.

  12. Enter the password.

    Use the password you set when you exported the certificate to PDX.

  13. Set the alias to tomcat.

  14. Enter the key pair password.

    The password should be identical to the current keystore password.

  15. Save the keystore.
  16. Restart Web Help Desk.

Linux deployment

Scripts are not supported under any SolarWinds support program or service. Scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.

  1. Navigate to the Web Help Desk /conf directory located at:

    /usr/local/webhelpdesk/conf

  2. Back up the keystore.jks file to a safe location.

  3. Delete the existing keypair.

    ../bin/jre/bin/keytool -delete -alias tomcat -keystore keystore.jks

  4. Import the self-signed or wildcard PFX file. Provide the password used to export the file. 

    ../bin/jre/bin/keytool -importkeystore -srckeystore yourpfxfile.pfx -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
    If you are running Web Help Desk 12.6 or later, SolarWinds recommends migrating to a PKCS#12 format, which is an industry-standard format. You can convert the keystore type to a PKCS#12 format in step 8.

  5. Set the keypair password, providing the same password as the keystore. 

    ../bin/jre/bin/keytool -keypasswd -alias tomcat -keystore keystore.jks

  6. Get the keypair alias.

    ../bin/jre/bin/keytool -v -list -keystore keystore.jks

  7. Change the keypair alias to tomcat. 

    ../bin/jre/bin/keytool -v -keystore keystore.jks -changealias -alias aliasnamefromtheabovecommand -destalias tomcat

  8. Reinspect and verify the keypair. The alias is now tomcat. 

    ../bin/jre/bin/keytool -v -list -keystore keystore.jks

  9. If you are running Web Help Desk 12.5.2 or earlier, go to the next step.

    If you are running Web Help Desk 12.6 and later, convert the keystore type to PKCS12.

    ../bin/jre/bin/keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12

    1. In the /conf directory, open the whd.conf file.

    2. In the file, locate the following parameter:

      KEYSTORE_TYPE=JKS

    3. Change the parameter to:

      KEYSTORE_TYPE=PKCS12

    4. Save and close the file.

  10. Restart Web Help Desk.

    /usr/local/webhelpdesk/whd restart

  11. Verify that Web Help Desk can start and the certificate is loaded.

About PKCS#12 files

The PKCS#12 standard specifies a keystore format used for transferring private keys and certificates. PKCS#12 files typically use the p12 or PFX extension. If you have your private key and certificate bundled in this format, you can import it directly into Porteclé.

If a PKCS#12 (p12 or PFX) file is not available, use the OpenSSL pkcs12 command to generate the file from a private key and a certificate. If your certificate is on a Windows server, export a PKCS#12 file from the Microsoft Management Console.