HDM - Using SSL in HDM Virtual Appliance (LINUX) Environment

Last Modified

Mon Jan 09 18:36 GMT 2023

Description

  • Using SSL in HDM Virtual Appliance (Linux) Environment

Environment

  • Help Desk Manager (Linux Version)
  • N-able N-central

Solution

  • NOTE: If you already have a Signed Certificate, please proceed to step 12.
  1. Log on to the Virtual Appliance using the console or an SSH connection.
  2. Navigate to the HelpDeskManager folder on the virtual appliance located here:
    • /usr/local/HelpDeskManager
  3. Enter the following command:
    • sudo ./bin/jre/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore ./conf/keystore_new.jks
  4. When prompted, enter a new keystore password
    • NOTE: You will need this information for a later step.
  5. Enter the information needed for the new certificate, providing the following information:
    • For example: HelpDeskManager.n-able.com
    • NOTE: If you do not use the domain name for the name, you receive certificate errors.
  6. Your domain name, instead of a first and last name.
    • This information displays to users accessing the Virtual Appliance through a secure connection:
      • The name of your organizational unit
      • The name of your organization
      • The name of your city or locality
      • The name of your state or province
      • Your two letter country code
  7. Enter yes when prompted to confirm your new key information.
  8. When prompted for the key password, enter the keystore password you previously entered.
  9. Enter the following command:
    • sudo ./bin/jre/bin/keytool -certreq -keyalg RSA -alias tomcat -keystore ./conf/keystore_new.jks -file mycertreq.csr
  10. When prompted for the key password, enter the keystore password you entered in step 4 of this procedure.
  11. Submit the CSR to your CA.
  12. After you download the certificate, transfer it to the HelpDeskManager folder on the Virtual Appliance using a file transfer tool (such as WinSCP) and import the CA certificates.
    • Note: The following procedure assumes that root.crt is the name of the downloaded certificate.
  13. Import the Root and/or the intermediate CA.
    • NOTE: Their certificates need to be loaded in order: root first and then the intermediate.
    • sudo bin/jre/bin/keytool -import -trustcacerts -alias root -file /usr/local/HelpDeskManager/root.crt -keystore /usr/local/HelpDeskManager/conf/keystore_new.jkssudo bin/jre/bin/keytool -import -trustcacerts -alias intermed -file /usr/local/HelpDeskManager/root.crt -keystore /usr/local/HelpDeskManager/conf/keystore_new.jks
  14. Import the CA Reply, the signed primary CA for Web Help Desk (tomcat):
    • sudo bin/jre/bin/keytool -import -trustcacerts -alias tomcat -file /usr/local/HelpDeskManager/helpdesk.sample.com.crt -keystore /usr/local/HelpDeskManager/conf/keystore_new.jks
  15. Make a backup and copy the keystore_new.jks file using the following command:
    • sudo cp conf/keystore_new.jks conf/keystore_new.jks.backup
  16. Edit the whd.conf file to specify not to use the default key store:
    • sudo vi conf/whd.conf
    • NOTE: Press i to edit, :w to save edits, :q to quit the editor.
  17. In the keystore settings section of the file, add a value for the KEYSTORE_FILE= setting.
    • KEYSTORE_FILE=/usr/local/HelpDeskManager/conf/keystore_new.jks
  18. Stop HDM by entering:
    • /usr/local/HelpDeskManager/HDM stop
  19. Start HDM by entering:
    • /usr/local/HelpDeskManager/HDM start