Documentation forWeb Help Desk
Important security updates are available for WHD. SolarWinds recommends you upgrade to version 12.8.3 Hotfix 3.

Configure the server options

You can enable HTTPS by configuring the server options located at Setup > General. The server options allow you to:

  • Configure the HTTP and HTTPS ports running on Web Help Desk
  • Create a new keystore to store your SSL certificates
  • Create a new keystore with an existing wildcard certificate in PFX format
  • Restart Web Help Desk

After you configure the ports, Web Help Desk copies the settings to the whd.conf file in the Web Help Desk home directory. If you decide to update the whd.conf file on your own, the new settings are reflected in the user interface.

Using Keystore Options, you can create a custom Java Keystore (JKS) to share certificates for other applications. You can also create a new JKS or a Public Key Cryptography Standards #12 (PKCS12) keystore.

Beginning in Web Help Desk 12.7.4, the application supports HTTP Strict Transport Security (HSTS). HSTS is a web policy that forces a secure HTTPS connection with Transport Layer Security (TLS) between a supported web browser and the Web Help Desk server. After you enable the web policy by importing a signed certificate from a trusted Certificate Authority (CA), unauthorized users cannot access data shared between the server and your clients, techs, and administrators.

About HSTS

Beginning in version 12.7.4, Web Help Desk includes the HTTP Strict Transport Security (HSTS) web policy. After you download and import a signed certificate from a trusted Certificate Authority (CA), Web Help Desk forces a secure HTTPS connection with Transport Layer Security (TLS) between a supported web browser and the Web Help Desk server. This feature prevents unauthorized users from capturing data shared between the server and your clients, techs, and administrators.

Enable a listening port

Enable the listening port to listen for HTTP or HTTPS requests. When you are finished, configure the port number used to monitor the requests.

After you configure the port, include the port number in URLs that refer to Web Help Desk. For example, if you select port 8081, enter https://localhost:8081 in the web browser.

  1. Log in to Web Help Desk as an administrator.
  2. Click Setup > General > Server Options.

  3. Select this option to listen for HTTP requests.

  4. Enter an HTTP port number between 0 and 65535 to monitor the HTTP requests. For example, enter 8081 to process non-secure traffic from the Web Help Desk Console.

    The default selection is port 8081.

  5. Select this option to listen for HTTPS requests.

  6. Enter an HTTPS port number between 0 and 65535 to monitor the HTTPS requests. For example, enter 8443 to process secure traffic from the Web Help Desk Console.

    The default selection is port 8443.
  7. Click Save.

  8. Click Restart to restart the Web Help Desk server.

Redirect HTTP requests to an HTTPS port

To ensure all incoming requests use a secure connection, enable Redirect HTTP requests to HTTPS. When enabled, all incoming requests redirect to a secure HTTPS port.

  1. Log in to Web Help Desk as an administrator.
  2. Click Setup > General > Server Options.

  3. Select this option to ensure all incoming requests use a secure connection. When enabled, all incoming requests redirect to a secure HTTPS port.

  4. Click Save.
  5. Click Restart to restart the Web Help Desk server.

Enable a URL port for generated URL links

Web Help Desk generates internal URLs to link customer tickets to specific resources, such as an FAQ. For additional security, configure the generated URL links to access a secure port on the Web Help Desk server.

For example, you can configure a web server to route requests for default port 80 to the default Web Help Desk port 8081. As a result, all generated URL links use port 8081 to access the Web Help Desk server.

  1. Log in to Web Help Desk as an administrator.
  2. Click Setup > General > Server Options.

  3. If HTTP is enabled, click Custom HTTP Port for Generated URL Links.

  4. Enter an HTTP port number between 0 and 65535 for the generated URL link.

    The default selection is port 8081.

  5. If HTTPS is enabled, click Custom HTTPS Port for Generated URL Links.

  6. Enter an HTTPS port number between 0 and 65535 for the generated URL link.

    The default selection is port 8443.

  7. Click Save.
  8. Click Restart Web Help Desk.

Create a new keystore

By default, Web Help Desk creates a Java KeyStore (JKS) at <WebHelpDesk>/conf/keystore.jks when you install the software. Using Keystore Options, you can create a custom JKS to share certificates for other applications or create a Public-Key Cryptography Standards #12 (PKCS12) KeyStore to store an Apple Push Notification Services (APNS) Certificate or a certificate created using OpenSSL.

  1. Enter a path to the keystore file on the server. Include the file name in the path. For example, enter keystore.jks (for JKS certificates) or keystore.p12 (for PKCS12 certificates).

  2. Click the Type drop-down menu and selected a keystore file format.

  3. Enter a new password for the keystore file. The current password for the keystore.jks file is changeit. To use the existing password, leave the field empty.

  4. Click Save.

  5. Click Restart to restart the Web Help Desk server.

    If you are running Web Help Desk in a cluster, restarting the application only impacts your current instance.

Create a new keystore with an existing wildcard certificate in PFX format

  1. Log in to the Web Help Desk server.
  2. Stop the Web Help Desk service.

  3. Navigate to the WHD installation folder for your operating system.

    Operating system Path
    macOS /Library/WebHelpDesk
    Microsoft Windows Server \Program Files\WebHelpDesk
    Red Hat/CentOS/Fedora Linux /usr/local/webhelpdesk

  4. Execute:

    portecle.bat

  5. Create a new keystore file.
    1. Click the File tab and select New Keystore.
    2. Select JKS (First option).
  6. Import the keypair.
    1. Click the Tools tab and select Import Keypair.
    2. Locate the PFX file.
  7. Enter tomcat as the alias, and click OK.
  8. Enter your PFX password, and click OK.
  9. Save the file.
    1. Click the File tab and select Save Keystore.
    2. Enter your PFX password.

    3. Name the file:

      keystore.jks

  10. Set the certificate password.
    1. Right-click tomcat and select Set Password.
    2. Enter your PFX password, and click OK.
  11. Save your changes.
    1. Click File > Save Keystore As.

    2. Save the file as:

      keystore.jks

  12. In the conf folder, rename the old keystore.jks file (if applicable).
  13. Copy the new keystore.jks file to the conf folder.
  14. In the conf folder, open the whd.conf file in a text editor (such as Notepad).

  15. In the file, locate the KEYSTORE_PASSWORD parameter, as shown below.

    # Keystore settings (for SSL connections)

    KEYSTORE_PASSWORD=changeit

    Make sure you change default password with the same password you set earlier on the keystore.
  16. Replace the default password with the password you set earlier in the keystore.
  17. Save and close the whd.conf file.
  18. Close the Web Help Desk installation folder.
  19. Restart Web Help Desk.