Documentation forWeb Help Desk
Important security updates are available for WHD. SolarWinds recommends you upgrade to version 12.8.3 Hotfix 3.

Set up the certificates

Use Certificates to manage SSL and Apple Push Notification Services (APNS) certificates.

When your web browser submits an HTTPS request to Web Help Desk, the SSL protocol requires the application to respond with a certificate to verify the authenticity of the server. The certificate contains a public key used for encryption and a digital signature from a Certification Authority (CA). The digital signature indicates which CA verified the authenticity of the server.

Web Help Desk stores the certificates in the Java keystore located at:

<WebHelpDesk>/conf/keystore.jks

You can also store the certificates in a separate Public-Key Cryptography Standards #12 (PKCS12) KeyStore, or Java KeyStore (JKS) that you create in Server Options.

APNS certificates enable Web Help Desk to send notifications to an Apple device running Web Help Desk Mobile and a supported Apple iOS. When enabled, the device receives Short Message Service (SMS) text messages each time a customer ticket is created or updated. Each Apple device requires a supported Apple iOS and the Web Help Desk Mobile application, which you can download from the Apple App Store.

SSL certificates

These certificates create a secure connection between Web Help Desk and an external resource. Web Help Desk supports the following SSL certificates:

  • Self-signed SSL certificate
  • Certificate from a Certificate Authority (CA)
  • Public-Key Cryptography Standards (PKCS) #12 certificate
The PKCS#12 standard specifies a keystore format used for transferring private keys and certificates. PKCS#12 files typically use the p12 or PFX extension. If you have your private key and certificate bundled in this format, you can import it directly into Porteclé.

The Certificates in the Keystore panel at Setup > General > Certificates list the SSL certificates currently in the keystore and defined in the .conf file. These certificates provide a secure connection between a resource and the Web Help Desk Administrator Console. You can upload and delete these certificates as required.

In the following example, the Apache Tomcat SSL certificate is installed in the keystore.

Some resources (such as a web server) require a key pair and a specific alias name to create a secure connection. Click Edit Alias to add an alias to the key pair.

The following table lists some third-party applications used with Web Help Desk that require an SSL certificate.

Product SSL certificate function
Apache Tomcat Creates a secure connection to the Apache Tomcat web and application server.
Microsoft Exchange Server Creates a secure connection to the Exchange server used to retrieve incoming Web Help Desk ticket emails sent from clients.
PostgreSQL  Creates a secure connection to an external PostgreSQL database.

HSTS support

Beginning in Web Help Desk 12.7.4, the application supports HTTP Strict Transport Security (HSTS). This web policy forces a secure HTTPS connection with Transport Layer Security (TLS) between a supported web browser and the Web Help Desk server. The web policy is enabled automatically after you import an SSL certificate from a trusted Certificate Authority (CA).

HSTS is an Internet Engineering Task Force (IETF) standards track protocol and is specified in RFC 6797.

Import an SSL certificate in CER format

Download the SSL certificate file in CER format from the certificate provider. After you unzip the file, upload the P12 or PFX certificate into Web Help Desk.

  1. Download the SSL certificate from the third-party software website.
  2. Unzip the file.
  3. Log in to Web Help Desk as an administrator.
  4. Click Setup > General > Certificates.
  5. Under Certificates in the Keystore, click Upload, and then click Browse.

    For an APNS Certificate, click Browse under Upload a new APNS Certificate file.

  6. Navigate to the unzipped file directory.
  7. Complete the on-screen prompts to install the SSL certificate.
  8. Click Restart to restart the Web Help Desk server.

    The SSL certificate is installed on the Web Help Desk server.

Import an SSL certificate in PFX format

This procedure describes how to import an SSL certificate in PFX format into Web Help Desk on Windows Server and Linux deployments using the Porteclé application included with Web Help Desk. Porteclé is a third-party open-source utility that provides a graphical user interface for administering the keystore on the Windows or Linux platforms.

Self-signed certificates must be pushed through GPO to a trusted certificate store, as these certificates do not contain CA certificates.
If Web Help Desk is not installed on drive C, Portecle will not be able to run. As an alternate method, you can use a third-party application such as Keystore Explorer. The import process is similar to Portecle, but this application is not supported by SolarWinds.

Windows Server deployments

Perform the following steps to import an SSL certificate in PFX format to a server running Windows Server.

  1. Stop the Web Help Desk services.
  2. Navigate to:

    C:\Program Files\WebHelpDesk\conf

  3. Back up the keystore.jks file to a safe location.

  4. Return to the WebHelpDesk directory

  5. Right-click Portecle.bat and select Run as administrator.

  6. In the Porteclé toolbar, click File > Open.
  7. Navigate to :

    C:\Program Files\WebHelpDesk\conf\

  8. Open the keystore.jks file and enter the password when prompted.

    The default password is changeit.

    If the password was not changed, go to the next step.

    If the password was changed, do the following.

    1. In the \conf directory, open the whd.conf file using a text editor (such as Notepad).

    2. Scroll down to the following parameter:

      # Keystore settings (for SSL connections)
      KEYSTORE_PASSWORD=changeit
    3. Record the new keystore password.

    4. Close the whd.conf file. Do not make any changes to the file.

    5. Enter the password to access the keystore.jks file.

  9. Delete the existing keypair by deleting the tomcat entry.

    1. In Portecle, right-click the tomcat entry and select Delete.

    2. When prompted, click OK to confirm the delete.

  10. Import the new PFX certificate.
    1. Click Tools > Import Keypair.
    2. Select your PFX certificate file.
    3. Enter the PFX password, and then click OK.

    4. In the Import Key Pair window, select the key pair and then click OK.

      The Key Pair Entry Alias window displays the alias name.

    5. In the window, change the alias name to tomcat, and then click OK.

    6. Change the password to changeit, and then click OK.

    7. Click OK to confirm the change.

  11. In the Porteclé toolbar, click File > Save Keystore.

  12. Reset the keystore password and password again.

    1. In the Portecle toolbar, click Tools > Set Keystore Password.

    2. Enter changeit as the new password, confirm the password, and then click OK.

    3. Right-click tomcat and select Set Password.

    4. Enter and confirm the password, and then click OK.

  13. Stop the Web Help Desk services.
    1. Navigate to:

      C:\Program Files\WebHelpDesk

    2. Right-click whd_stop.bat and select Run as administrator.
  14. Start the Web Help Desk services. 

    In the WebHelpDesk directory, right-click whd_start.bat and select Run as administrator.

Linux deployment

Perform the following steps to import an SSL certificate in PFX format on a server running Linux.

Scripts are not supported under any SolarWinds support program or service. Scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.

  1. Navigate to the Web Help Desk /conf directory located at:

    /usr/local/webhelpdesk/conf

  2. Back up the keystore.jks file to a safe location.

  3. Delete the existing keypair.

    ../bin/jre/bin/keytool -delete -alias tomcat -keystore keystore.jks
  4. Import the PFX file. Provide the PFX password used to export the file.

    ../bin/jre/bin/keytool -importkeystore -srckeystore yourpfxfile.pfx -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS

    SolarWinds recommends migrating to PKCS12, which is an industry-standard format. See step 8 to convert the keystore type to PKCS12.

  5. Set the keypair password, providing the same password as the keystore.

    ../bin/jre/bin/keytool -keypasswd -alias tomcat -keystore keystore.jks
  6. Get the keypair alias.

    ../bin/jre/bin/keytool -v -list -keystore keystore.jks
  7. Change the keypair alias to tomcat.

    ../bin/jre/bin/keytool -v -keystore keystore.jks -changealias -alias aliasnamefromtheabovecommand -destalias tomcat
  8. Reinspect and verify the keypair. The alias is now tomcat.

    ../bin/jre/bin/keytool -v -list -keystore keystore.jks
  9. If you are running Web Help Desk 12.5.2 or earlier, go to the next step.

    If you are running Web Help Desk 12.6 and later, convert the keystore type to PKCS12.

    ../bin/jre/bin/keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12
    1. In the /conf directory, open the whd.conf file.

    2. In the file, locate the following parameter:

      KEYSTORE_TYPE=JKS
    3. Change the parameter to:

      KEYSTORE_TYPE=PKCS12
    4. Save and close the file.

  10. Restart Web Help Desk.

    /usr/local/webhelpdesk/whd restart
  11. Verify that Web Help Desk can start and the certificate is loaded.

Apple Push Notification Services certificates

APNS requires an APNS Certificate that establishes the communications link between APNS and the Apple device. This certificate is included with Web Help Desk.

The APNS panel displays the current APNS Certificate expiration date and allows you to upload a new APNS Certificate file when the existing file expires.

This panel enables Web Help Desk to send notifications to an Apple device running Web Help Desk Mobile and a supported Apple iOS. When enabled, the device receives Short Message Service (SMS) text messages each time a customer ticket is created or updated.

You can register an Apple device and enable SMS email for each tech at Setup > Techs > Techs.

To enable APNS on an Apple device:

  1. Set up and register the device with the Web Help Desk server.
  2. Enable SMS on the Apple device.
  3. Send a test notification message to the Apple device to verify that APNS is enabled.
  4. When the certificate expires, upload and install a new APNS certificate.

Set up and register a device

Install the Web Help Desk Mobile software and register the Apple device with the Web Help Desk server.

  1. Locate the following Web Help Desk server information:

    • Host name or IP address
    • Port number (secure TCP 8443 or non-secure TCP 8081)
  2. Download Web Help Desk Mobile from the Apple iTunes site.
  3. Install the software on the Apple device.
  4. Complete the online registration form.
  5. Log in to Web Help Desk.
  6. Click Setup > Techs > Techs.
  7. Click your name in the Tech Name column.

  8. In the Account Info tab, scroll down to Mobile Devices Setup and verify that your Apple device displays as a registered device.

Enable the Short Message Service (SMS)

Enable Web Help Desk to send SMS text messages to the Apple device.

  1. In the Account Info tab, click to enter Edit mode.
  2. Scroll down to email Setup and select the SMS email Enabled checkbox.

    Additional options display under the setting.

  3. Enter the email address associated with the Apple device.

    For example, if the device uses Verizon email, enter joeadmin@vtext.com.

    Contact your mobile carrier for the proper email format.

  4. Select the minimum ticket priority that triggers an SMS email to the Apple device.
  5. Select the minimum ticket alert level that triggers an SMS email to the Apple device.
  6. (Optional) Select the Repeating check box to continue sending SMS emails until the ticket condition is updated.
  7. Click Save.

Send a test notification message

Verify that the Apple device receives APNS notifications from the Web Help Desk server.

  1. Click Setup > General > Certificates.
  2. Click Send Test Notification.

  3. Verify that you received a notification on your Apple device.

    APNS is configured for the Apple device.

Upload and install a new APNS certificate

When the APNS certificate expires, download a new APNS Certificate from the SolarWinds Customer Portal and install the certificate using the Web Help Desk Console.

  1. Download an updated APNS certificate.
    1. Log in to the SolarWinds Customer Portal.
    2. Click the License Management drop-down menu and select My Downloads.
    3. Click the Products drop-down menu and select Web Help Desk.
    4. Under Additional Downloads, locate the Apple Push Notification (APN) Certificate.
    5. Click Download.

      The file is downloaded to the server.

  2. Unzip the file contents to a network share.
  3. Click Setup > General > Certificates in the Web Help Desk Console.
  4. Under Upload a new APNS Certificate file, click Browse.
  5. Navigate to the unzipped file.
  6. Complete the on-screen prompts to complete the upload.

    If FIPS is enabled in your deployment, upload the certificate to the following directory:

    <WebHelpdeskHome>/conf/apns

  7. Click Restart to restart the Web Help Desk server.

    The new APNS certificate is installed and the new APNS certificate expiration date displays in the Certificates page.