Import an existing certificate
By default, Web Help Desk creates a self-signed certificate. Since the certificate is not signed, it displays as not trusted. You can obtain a signed certificate from a Certificate Authority (CA), such as Comodo, GoDaddy, and others. To obtain a certificate, you can create a Certificate Request or use an existing certificate.
To use an existing certificate with Web Help Desk, import your private key and your certificate chain.
Import a self-signed or wildcard certificate
Large organizations can use a signed certificate (such as a wildcard certificate) throughout their domain. This certificate can be stored in a central location (such the Central Certificate Store (CCS) included with Windows Server 2012 and higher) and distributed on demand.
Self-signed certificates do not contain CA certificates. As a result, use your group policy object (GPO) to push the self-signed certificate to a trusted certificate store.
You can import a self-signed or wildcard certificate in a Windows Server or Linux deployment.
Windows Server deployment
If you cannot import the PFX file using the Web Help Desk Administrator Console, import the file using Portecle, which is included with your Web Help Desk program files. You can download the user documentation from the Portecle website at portecle.sourceforge.net.
- Log in to the Web Help Desk host server as an administrator.
-
Navigate to:
C\Program Files\WebHelpDesk
-
Back up the
keystore.jks
file to a safe location. - Double-click
Portecle.bat
. - In the toolbar, click File > Open Keystore File.
-
Navigate to:
C:\Program Files\WebHelpDesk\conf
- Click keystore.jks.
-
Enter the keystore password, and then click OK.
The password is stored in the
whd.conf
file. The default password ischangeit
. - Right-click tomcat and select Delete.
-
Click Tools > Import key pair.
Do not import the certificate using Tools > Import Trusted Certificate, as this option will not include the private key. - Select the new self-signed or wildcard PFX certificate.
-
Enter the password.
Use the password you set when you exported the certificate to PDX.
- Set the alias to tomcat.
-
Enter the key pair password.
The password should be identical to the current keystore password.
- Save the keystore.
- Restart Web Help Desk.
Linux deployment
Scripts are not supported under any SolarWinds support program or service. Scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.
-
Navigate to the Web Help Desk
/conf
directory located at:/usr/local/webhelpdesk/conf
-
Back up the
keystore.jks
file to a safe location. -
Delete the existing keypair.
../bin/jre/bin/keytool -delete -alias tomcat -keystore keystore.jks
-
Import the self-signed or wildcard PFX file. Provide the password used to export the file.
../bin/jre/bin/keytool -importkeystore -srckeystore yourpfxfile.pfx -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
If you are running Web Help Desk 12.6 or later, SolarWinds recommends migrating to a PKCS#12 format, which is an industry-standard format. You can convert the keystore type to a PKCS#12 format in step 8. -
Set the keypair password, providing the same password as the keystore.
../bin/jre/bin/keytool -keypasswd -alias tomcat -keystore keystore.jks
-
Get the keypair alias.
../bin/jre/bin/keytool -v -list -keystore keystore.jks
-
Change the keypair alias to
tomcat
.../bin/jre/bin/keytool -v -keystore keystore.jks -changealias -alias aliasnamefromtheabovecommand -destalias tomcat
-
Reinspect and verify the keypair. The alias is now tomcat.
../bin/jre/bin/keytool -v -list -keystore keystore.jks
-
If you are running Web Help Desk 12.5.2 or earlier, go to the next step.
If you are running Web Help Desk 12.6 and later, convert the keystore type to PKCS12.
../bin/jre/bin/keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12
-
In the
/conf
directory, open thewhd.conf
file. -
In the file, locate the following parameter:
KEYSTORE_TYPE=JKS
-
Change the parameter to:
KEYSTORE_TYPE=PKCS12
-
Save and close the file.
-
-
Restart Web Help Desk.
/usr/local/webhelpdesk/whd restart
-
Verify that Web Help Desk can start and the certificate is loaded.
About PKCS#12 files
The PKCS#12 standard specifies a keystore format used for transferring private keys and certificates. PKCS#12 files typically use the p12 or PFX extension. If you have your private key and certificate bundled in this format, you can import it directly into Porteclé.
If a PKCS#12 (p12 or PFX) file is not available, use the OpenSSL pkcs12
command to generate the file from a private key and a certificate. If your certificate is on a Windows server, export a PKCS#12 file from the Microsoft Management Console.