Securing Web Help Desk with SSL

August 22nd, 2014

after reading the Solarwinds WHD SSL Guide it was not obvious to me how to properly secure WebHelpDesk and so after many hours of trying different things, with some help from this guide, I will be demonstrating the ssl recipe that worked for me.

At my company we already had a proper SSL certificate so I was able to skip a good third of the pdf that discusses in detail the proper way to generate the CSR and to create the certificate. WebHelpDesk recommends the use of a program called Portecle a java based utility that takes your certificates and creates a java keystore (.JKS). This is the file that actually secures Web Help Desk.

These instructions assume that you are securing and creating the .JKS file from an OSX computer. If you have not yet obtained a certificate for your server, you should use Porteclé to generate both a keypair and a CSR to send to the CA. You should then to import the CA Reply certificate. If you already have a certificate, you must import both the certificate and the primary key into the keystore. Porteclé does not allow you to import a primary key by itself, so you must combine it with its certificate in a PKCS#12 file (*.p12 or *.pfx). In each case, the keypair must be aliased as “tomcat,” and both it and the keystore must be protected by the password specified with the KEYSTORE_PASSWORD setting in whd.conf.

We will be assuming that like me you already have an SSL certificate that you want to use, most companies have a wildcard certificate that they can re-use on different servers, since this is reusable you wouldn’t want to generate a new CSR each time which is what you would do if you were using a normal domain level SSL certificate.

Importing an Existing Certificate

Step 1: Creating a PKCS#12 Keystore File from a Private Key and a Certificate

The first thing you need to do is combine the certificate with the intermediate file. The best way to do this is to use the following command.

cat /Users/jbrown/Desktop/ssl/cert.pem /Users/jbrown/Desktop/ssl/intermediate.pem > cert-chain.txt

once done run this command to generate the PKCS#12 file

openssl pkcs12 -export -in /Users/jbrown/Desktop/ssl/cert.pem -inkey /Users/jbrown/Desktop/ssl/key.pem -name 'tomcat' -out keystore.p12

You will be prompted to provide a password for the new keystore, which you will need to provide when importing the keystore into the Web Help Desk Java keystore.

WebHelpDesk uses Tomcat so its important to use that as the name (tomcat) as that is what the system is expecting when parsing the final .JKS file.

Step 2: Download Portecle for Mac

http://Maciej.hell.cx/projects/portecle this is Portecle, it comes down as a .jar file and requires Java to run (Java 1.6+) so be sure that you have it installed on your Mac. When you open Portecle you would choose new Keystore and then choose .JKS. Once done you would import your final key pair that we just generated.