Securing Web Help Desk with SSL
After reading the Solarwinds WHD SSL Guide it was not obvious to me how to properly secure WebHelpDesk and so after many hours of trying different things, with some help from this guide, I will be demonstrating the ssl recipe that worked for me.
At my company we already had a proper SSL certificate so I was able to skip a good third of the pdf that discusses in detail the proper way to generate the CSR and to create the certificate. WebHelpDesk recommends the use of a program called Portecle a java based utility that takes your certificates and creates a java keystore (.JKS). This is the file that actually secures Web Help Desk.
These instructions assume that you are securing and creating the .JKS file from an OSX computer. If you have not yet obtained a certificate for your server, you should use Porteclé to generate both a keypair and a CSR to send to the CA. You should then to import the CA Reply certificate. If you already have a certificate, you must import both the certificate and the primary key into the keystore. Porteclé does not allow you to import a primary key by itself, so you must combine it with its certificate in a PKCS#12 file (*.p12 or *.pfx). In each case, the keypair must be aliased as “tomcat,” and both it and the keystore must be protected by the password specified with the KEYSTORE_PASSWORD setting in whd.conf.
We will be assuming that like me you already have an SSL certificate that you want to use, most companies have a wildcard certificate that they can re-use on different servers, since this is reusable you wouldn’t want to generate a new CSR each time which is what you would do if you were using a normal domain level SSL certificate.
Importing an Existing Certificate
Step 1: Creating a PKCS#12 Keystore File from a Private Key and a Certificate
The first thing you need to do is combine the certificate with the intermediate file. The best way to do this is to use the following command.
cat /Users/jbrown/Desktop/ssl/cert.pem /Users/jbrown/Desktop/ssl/intermediate.pem > key.pemonce done run this command to generate the PKCS#12 file
openssl pkcs12 -export -in /Users/jbrown/Desktop/ssl/cert.pem -inkey /Users/jbrown/Desktop/ssl/key.pem -name 'tomcat' -out keystore.p12You will be prompted to provide a password for the new keystore, which you will need to provide when importing the keystore into the Web Help Desk Java keystore.
WebHelpDesk uses Tomcat so its important to use that as the name (tomcat) as that is what the system is expecting when parsing the final .JKS file.
Step 2: Download Portecle for Mac
https://Maciej.hell.cx/projects/portecle this is Portecle, it comes down as a .jar file and requires Java to run (Java 1.6+) so be sure that you have it installed on your Mac. When you open Portecle you would choose new Keystore and then choose .JKS. Once done you would import your final key pair that we just generated.
NOTE: If your keystore already contains a default, unsigned ‘tomcat’ certificate, delete it before importing your PKCS#12 file.
Thats it, once done upload the .JKS file to your WHD conf folder and change the path in your whd.conf file to point to the proper file and make sure the password you chose in the above step matches the one you chose for the keystore.
Parts of this walkthrough were taken from the Solarwinds SSL PDF, the point of this is to simplify the setup process for those who may feel that the document is over complex for their needs as it goes over so many different scenarios. I find that since most people use wildcard certs this would be a simpler walkthrough that goes through the steps in the proper order.
Portecle for Mac was my biggest stumbling block, the document talks about opening Portecle but doesn’t really outline how that works with all the different versions. WHD has Windows, RedHat and Mac versions and while you can trigger the .jar file to open the program you first need to have it installed.
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.06 · Low AI Influence
Summary
A step-by-step guide to securing WebHelpDesk with SSL certificates using Portecle on a Mac.
Related Posts
What is the Managed App Store & Why you need it
--- Many people discount the importance of running app level updates on your computers. Programs like Chrome, Firefox and Adobe Creative Suite all have built it update utilities that will look for and apply critical security and functional updates from their respective development teams. Part of the job of software vendors is providing quality assurance meaning they are testing their software to make sure that it is stable and usable for their users. However little is known about how each vendor actually tests their software. Many only test on newer...
Moment Helps You Gauge Your iPhone Use
Smartphone addiction is real. Do you check your iPhone before you get out of bed? During family dinners? Right before you go to sleep? Constantly during the day even when you’re on vacation? If you—or your family members—feel that you're disappearing into your phone too often or at inappropriate times, it may be time to do something about it. Consider how this behavior affects your relationships and daily routines – are you missing out on quality time with loved ones or neglecting responsibilities because of your phone use?
Block Telemarketing Calls Automatically on Your iPhone
Junk calls are one of the great annoyances of the modern world. You're minding your own business when your iPhone vibrates in your pocket. You pull it out, curious as to who's calling, but don't recognize the number. You may notice that it's in the same exchange as your phone number, suggesting that it's a neighbor. Often these calls are nothing more than automated messages or telemarketers trying to sell you something.
HomePod Preorders Begin, Smart Speaker Ships Feb 9
Apple has started preorders for its new HomePod as of yesterday. Priced at $349, the audio accessory focuses on delivering high-quality sound, offers integration with Siri's AI capabilities, and provides access to Apple Music's vast library of 45 million songs. The device is designed to work seamlessly within existing Apple ecosystems, allowing users to control it with their iPhone or iPad.
How to Use Apple Pay Cash on Your Apple Watch
After you install watchOS 4.2, you will see on your paired iPhone with iOS 11.2 installed, an Apple Pay Cash option within the Watch app's Wallet settings. To enable it, simply toggle the switch to "ON". You'll then be prompted to sign in with your Apple ID to complete the setup process.
Move your Photos library to an External drive
Sometimes whether it is for backup purposes or for hosting, you will want to move your photos stored in your Apple Photos application library on your Mac to an external drive instead of the startup boot drive. This can help free up space and reduce clutter on your main drive. Making the change is simpler than you think, as long as you follow a few straightforward steps.
Does your iPhone battery need to be replaced?
Earlier this week we reported that Apple had acknowledged some iPhones are being throttled to prevent unexpected shutdowns. This admission came after a class-action lawsuit was filed against the company, alleging that it intentionally slowed down older devices to encourage users to upgrade to newer models. See our previous post for more information on this development.
Our Top 5 free macOS App picks for 2017
It is the season for giving, and we're happy to share some of our free apps with you. Here's a rundown of what's available to install on your Mac:
Don’t think you need Accessibility help with your iPhone?
Apple has made accessibility for differently abled people a cornerstone of iPhones and iDevices since 2007, and most of us never bother to explore these controls on our iPhone unless there is a specific need. These features are often hidden in plain sight, buried beneath layers of default settings and user interfaces that cater to the majority.
High Sierra using APFS breaks Boot Camp switching
If like me you use the Boot Camp Control panel in Windows to restart your Mac into High Sierra and you are using an SSD drive for High Sierra, you may or may not notice that you can no longer choose your Macintosh startup disk in the Boot Camp Control Panel in Windows. This change is likely due to a limitation in the integration between Boot Camp and High Sierra on an SSD, but I haven't been able to find any official documentation confirming this.
