Add third-party SSL certificates
To add a third-party certificate to the appliance:
- Copy the certificate to the appliance /tmp directory, using a protocol such as SFTP or SCP. The certificate in this example procedure is WHD.crt.
- Change your directory to the Web Help Desk root directory.
  Execute:
    [root@localhost ~]# cd /usr/local/WebHelpDesk
    [root@localhost WebHelpDesk]#
- Stop the WebHelpDesk service.
  Execute:
    [root@localhost WebHelpDesk]# /etc/init.d/WebHelpDesk stop
  The following message appears on your screen:
    Web Help Desk 12.X.X
    Copyright (c) SolarWinds Worldwide, LLC
    Using XX:MaxPermSize=256
    Stopping the Web Help Desk...
    Stopping postgresql-9.2 service: [ OK ]
    [root@localhost WebHelpDesk]#
- Obtain the keystore password.
  Execute:
    [root@localhost WebHelpDesk]# KEYSTORE_PASS=$(grep KEYSTORE_PASS conf/whd.conf | cut -d= -f2)
- List the current keys in the keystore, entering your keystore password when prompted.
  Execute:
    [root@localhost WebHelpDesk]# bin/jre/bin/keytool -list -keystore conf/keystore.jks
  The following message appears on your screen:
    Enter keystore password:
    [root@localhost WebHelpDesk]# bin/jre/bin/keytool -list -keystore conf/keystore.jks -storepass $KEYSTORE_PASS
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 1 entry
    tomcat, May 17, 2016, PrivateKeyEntry,
    Certificate fingerprint (MD5): 21:DB:B3:84:26:DF:C8:94:46:5D:52:14:48:8B:D8:F0
- Delete the existing key with the tomcat alias.
  Execute:
    [root@localhost WebHelpDesk]# bin/jre/bin/keytool -delete -alias tomcat_old -keystore conf/keystore.jks
- Import the Chain Certificate into the keystore.
  Execute:
    [root@localhost WebHelpDesk]# bin/jre/bin/keytool -importcert -alias root -keystore conf/keystore.jks -storepass $KEYSTORE_PASS -trustcacerts -file <path_to_certificate>/cacert.pem
  The following message appears on your screen:
    Certificate was added to keystore
- Import and alias the new certificate as tomcat.
  Execute:
    [root@localhost WebHelpDesk]# bin/jre/bin/keytool -importcert -alias tomcat -file <path_to_certificate>/WHD.crt -storepass $KEYSTORE_PASS -keystore conf/keystore.jks
  The following message appears on your screen. When prompted, enter yes to trust the certificate.
    Owner: CN=WHD.solarwinds.com, OU=R&D, O="SolarWinds, Inc.", L=Post Falls, ST=ID, C=US
    Issuer: CN=WHD.solarwinds.com, OU=R&D, O="SolarWinds, Inc.", L=Post Falls, ST=ID, C=US
    Serial number: d06f2873e1ca8f60
    Valid from: Wed Jun 26 01:09:35 UTC 2015 until: Sun Jun 25 01:09:35 UTC 2019
    Certificate fingerprints:
      MD5: EF:FD:2A:5A:8B:45:0C:32:88:5B:33:B0:B7:67:EB:FE
      SHA1: 85:2F:8E:F1:D0:51:18:C9:BA:FA:EA:9D:38:91:65:E8:38:94:BF:A3
      Signature algorithm name: SHA1withRSA
      Version: 3
    Extensions:
    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 12 4E F7 45 EC EE 6C A7 58 26 44 1A 5B 66 B7 AC  .N.E..l.X&D.[f..
    0010: 2E 37 A2 E5                                      .7..
    ]
    ]
    #2: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    ]
    #3: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 12 4E F7 45 EC EE 6C A7 58 26 44 1A 5B 66 B7 AC  .N.E..l.X&D.[f..
    0010: 2E 37 A2 E5                                      .7..
    ]
    ]
    Trust this certificate? [no]: yes
    Certificate was added to keystore
- Re-list the keystore keys.
  Execute:
    [root@localhost WebHelpDesk]# bin/jre/bin/keytool -list -keystore conf/keystore.jks -storepass $KEYSTORE_PASS
  The following message appears on your screen:
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 1 entry
    root, Jun 26, 2016, trustedCertEntry,
    Certificate fingerprint (MD5): F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
    tomcat, Jun 26, 2016, trustedCertEntry,
    Certificate fingerprint (MD5): EF:FD:2A:5A:8B:45:0C:32:88:5B:33:B0:B7:67:EB:FE
- Restart the WebHelpDesk service.
  Execute:
    [root@localhost WebHelpDesk]# /etc/init.d/WebHelpDesk restart
  The following message appears on your screen:
    Web Help Desk 12.X.X
    Copyright (c) SolarWinds Worldwide, LLC
    Using XX:MaxPermSize=256
    Restarting the Web Help Desk...
    Web Help Desk 12.X.X
    Copyright (c) SolarWinds Worldwide, LLC
    Using XX:MaxPermSize=256
    Using additional JVM options:
    -Djava.awt.headless=true
    -Xms128m -Xmx512m
    -XX:MaxPermSize=256m
    -DWHD.stdDeploy=true
    -DWHDFingerPort=-1WHD
    -DPrivilegedNetworks="*"
    -DWHDconnections="10"
    -Dlogback.configurationFile="/usr/local/WebHelpDesk/conf/logback-config.xml"
    Starting postgresql-9.2 service: [ OK ]
    Starting the Web Help Desk on port 80...
    Starting an SSL connection to the Web Help Desk on port 443...
    (See README.txt for information regarding SSL connections).
    Using CATALINA_BASE: /usr/local/WebHelpDesk/bin/tomcat
    Using CATALINA_HOME: /usr/local/WebHelpDesk/bin/tomcat
    Using CATALINA_TMPDIR: /usr/local/WebHelpDesk/bin/tomcat/temp
    Using JRE_HOME: /usr/local/WebHelpDesk/bin/jre
    Using CLASSPATH: /usr/local/WebHelpDesk/bin/tomcat/bin/bootstrap.jar:/usr/local/WebHelpDesk/bin/tomcat/bin/tomcat-juli.jar
    Using CATALINA_PID: /usr/local/WebHelpDesk/log/.WHD.pid
- If the HTTPS service does not appear, stop Web Help Desk and then restart it in debug mode. When startup completes, look for error messages.
  Execute:
    [root@localhost WebHelpDesk]# ./WHD debug
  The following message appears:
    Web Help Desk 12.X.X
    Copyright (c) SolarWinds Worldwide, LLC
    Using XX:MaxPermSize=256
    DEBUG MODE: Debug messages will be written to standard out.
    Press Ctrl-C to stop.
    Starting postgresql-9.2 service: [ OK ]
    Starting the Web Help Desk on port 80...
    Starting an SSL connection to the Web Help Desk on port 443...
    (See README.txt for information regarding SSL connections.)
    Using CATALINA_BASE: /usr/local/WebHelpDesk/bin/tomcat
    Using CATALINA_HOME: /usr/local/WebHelpDesk/bin/tomcat
    Using CATALINA_TMPDIR: /usr/local/WebHelpDesk/bin/tomcat/temp
    Using JRE_HOME: /usr/local/WebHelpDesk/bin/jre
    Using CLASSPATH: /usr/local/WebHelpDesk/bin/tomcat/bin/bootstrap.jar:/usr/local/WebHelpDesk/bin/tomcat/bin/tomcat-juli.jar
    Using CATALINA_PID: /usr/local/WebHelpDesk/log/.WHD.pid
    Jun 26, 2015 7:38:01 PM org.apache.catalina.core.AprLifecycleListener init
  If you have errors, they will appear here.
For additional information about installing certificates, see Installing a Certificate from a Certificate Authority on the Apache Tomcat website.
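A check for the keystore state the procedure leaves behind, as an added example that is not part of the SolarWinds documentation: it parses keytool -list output into alias, entry type and fingerprint, then confirms that the tomcat alias carries the fingerprint keytool printed when WHD.crt was imported. The function names and the embedded sample (built from the output shown in the steps above) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not SolarWinds code): verify the keystore after the import steps.

# Constructed sample: the re-list output from the procedure above.
SAMPLE_LIST='Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
root, Jun 26, 2016, trustedCertEntry,
Certificate fingerprint (MD5): F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
tomcat, Jun 26, 2016, trustedCertEntry,
Certificate fingerprint (MD5): EF:FD:2A:5A:8B:45:0C:32:88:5B:33:B0:B7:67:EB:FE'

# MD5 fingerprint keytool printed for WHD.crt in the import step.
EXPECTED_FP='EF:FD:2A:5A:8B:45:0C:32:88:5B:33:B0:B7:67:EB:FE'

# stdin: `keytool -list` output. stdout: one "alias|entry_type|fingerprint" per entry.
# PrivateKeyEntry holds a private key plus its certificate chain;
# trustedCertEntry holds a certificate only.
keystore_entries() {
  awk '
    /^Certificate fingerprint/ {
      if (alias != "") print alias "|" type "|" $NF
      alias = ""; next
    }
    /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),?[ \t]*$/ {
      n = split($0, f, /,[ \t]*/)          # alias, date (contains a comma), type
      alias = f[1]
      type = (f[n] == "") ? f[n - 1] : f[n]
    }'
}

# stdin: keystore_entries output. Prints the entry type stored under alias $1.
entry_type() { awk -F'|' -v a="$1" '$1 == a { print $2 }'; }

# stdin: keystore_entries output. Succeeds only if alias $1 carries fingerprint $2.
entry_matches() {
  awk -F'|' -v a="$1" -v fp="$2" \
    '$1 == a && toupper($3) == toupper(fp) { found = 1 } END { exit !found }'
}

# On the appliance, replace the sample with the live listing:
#   bin/jre/bin/keytool -list -keystore conf/keystore.jks -storepass "$KEYSTORE_PASS"
entries=$(printf '%s\n' "$SAMPLE_LIST" | keystore_entries)
printf '%s\n' "$entries"
if printf '%s\n' "$entries" | entry_matches tomcat "$EXPECTED_FP"; then
  echo "tomcat: fingerprint matches WHD.crt, type $(printf '%s\n' "$entries" | entry_type tomcat)"
else
  echo "tomcat: alias missing or fingerprint differs from WHD.crt" >&2
fi
```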