Documentation forWeb Help Desk
Thinking of upgrading to the cloud? Learn more about migrating from Web Help Desk to Service Desk.

Generate a new certificate using Porteclé

To generate a new certificate using Porteclé, complete the following tasks.

If you currently have a certificate, see Import an existing certificate.

Create a new keypair

  1. Open a File Explorer window.

  2. Launch the Porteclé batch file from the following directory:

    Program Files\WebHelpDesk

  3. Click File and select Open Keystore File.

  4. In the Open Keystore File window, double-click the conf directory.

  5. Double-click the keystore.jks file.

  6. Enter a password.

    The default password is:

    changeit

    The keystore opens, with a keypair entry alias labeled tomcat. Web Help Desk automatically creates this key pair.

Replace a keypair

  1. Right-click an alias and select Delete to delete a Tomcat keypair.

  2. Click Tools > Generate Key Pair.

  3. Select an algorithm and key size.

  4. Enter 1024 or 2048, and then select RSA.

  5. Click OK.

  6. Enter the X.509 attributes for your certificate.

    1. Select a validity (in days) that matches the number of days your CA certificate will be valid. The validity period is the period you specified when you purchased the certificate from the CA.

      Typical validation periods are 6, 12, or 24 months.

    2. Enter a common name that matches the site used in the certificate.

      3. For example, if Web Help Desk is hosted at support.example.com, your CN must be support.example.com.

    3. Enter an organization unit that distinguishes this certificate from other certificates for your organization.

    4. Enter an organization name, which is typically the name of your organization.

    5. Enter a locality name (such as a city name).

    6. Enter a state name.

      7. This is the full name of the state, province, region, or territory where your organization is located.

    7. Enter the country where your organization is located.

      8. This should be the two letter ISO 3166 country code for your country.

    8. (Optional). Enter a valid email address.

      This is an optional setting that your CA may use as the email address to send your certificate.

  7. Click OK.

  8. Enter the keypair alias tomcat, and then click OK.

  9. Enter changeit in both fields for the keypair password, and click Enter.

    The new keypair aliased by Tomcat appears in the window.

Generate a Certificate Signing Request (CSR)

To use a Certificate Authority (CA) certificate in the Web Help Desk Administrator Console, create a Certificate Signing Request (CSR).

A CSR is a block of encrypted text that is generated on the server where the certificate is used. The CSR contains information that will be included in your certificate, such as your organization name, common name (domain name), locality, and country.

  1. Log in to the Web Help Desk server.

  2. Stop the Web Help Desk service.

  3. Navigate to the Web Help Desk installation folder.

    Apple macOS: /Library/WebHelpDesk

    Microsoft Windows: \Program Files\WebHelpDesk

    Red Hat/CentOS/Fedora Linux: /usr/local/webhelpdesk

  4. Run:

    portecle.bat

  5. Right-click the tomcat keypair and select Generate CSR.

    The Generate CSR window opens.

  6. Enter a name for the CSR to help you remember the domain it validates.

    For example:

    support.example.com.csr

  7. Click Generate.

    The file is created.

  8. Send the file to your CA to request your certificate.

    The CA returns an X.509 certificate in DER (*.cer, *.crt), PEM (*.pem, *.cer, *.crt) or PKCS#7 (*.p7b, *.p7c) encoding.

Import the CA root and chain certificates

Before you import your certificate into the keystore, check whether the certificate vendor requires you to include any other certificates to complete the certificate chain.

  1. Verify if the certificate vendor requires any other certificates to complete the certificate chain.

  2. In the toolbar, click Tools and select Import Trusted Certificate.

  3. Locate each of the certificates provided by your CA.

  4. Import the certificates into the keystore.

Import a CA reply certificate

After you install the required root certificates, right-click the Tomcat keypair and click Import CA Reply to import the CA response from the CA.

Import certificates with Base64-encoded format

If your certificate is in Base64-encoded format (with a PEM or CER extension) and you import the certificate with another file, an error may be displayed. If this occurs, copy the certificate text that includes:

------BEGIN CERTIFICATE-----

and ends with:

------END CERTIFICATE-------

After you import your certificate reply, Porteclé reports that the certificate was imported successfully.

Import errors

If you import the CA Reply and Porteclé generates an error stating that the certificate cannot be trusted, the root certificate may not be included. To determine which certificate you need, temporarily import your CA Reply as a Trusted Certificate (rather than a CA Reply certificate) and examine the certificate details.

Locate the issuer property

Obtain a certificate from your CA that matches the Locate the Issuer property value and import the certificate into Porteclé as a trusted certificate. After you import this certificate into Porteclé (and any other certificates needed by its issuer), you can delete your own trusted certificate and re-import it as a CA Reply to your keypair.