Adding a third party ssl certificate to WHD running Centos

Version 1

    There have been a few similar posts, but none of them individually helped me to find the correct method to do this.


    I have a company wide wild card ssl certificate issued by Network Solutions. I wanted to use this certificate on my installation of WHD which is running on Centos 7. Anytime you are prompted for a password, you MUST use the same password that is contained in whd.conf file. The default is 'changeit'. Use the following command to view this password on your system:

              cat /usr/local/webhelpdesk/conf/whd.conf | grep KEYSTORE_PASS


    1. First I made myself a working directory in my home directory. From this point I will call that path <working directory>.

    2. I copied all of my files there from my CA. You will need these files: Certificate <domain>.crt, Private Key <domain>.key and the intermediate files or chain <domain>.chain.

    3. Combine the private key file with the chain file. I called mine <domain>.keychain. Be sure to replace <domain> with the proper filenames for your install!

              cat <domain>.key <domain>.chain > <domain>.keychain

    4. Create a keystore file from the certificate and the "keychain" file you created above.

              openssl pkcs12 -export -in <domain>.crt -inkey <domain>.keychain -name 'tomcat' -out keystore.p12

    5. Change to WHD directory.

              cd /usr/local/webhelpdesk

    6. Stop WHD:

              /etc/init.d/webhelpdesk stop

    7. List the current keys stored there:

              bin/jre/bin/keytool -list -keystore conf/keystore.jks

    8. Delete keys owned by tomcat:

              bin/jre/bin/keytool -delete -alias tomcat -keystore conf/keystore.jks

    9. Import the keystore from your working directory:

              bin/jre/bin/keytool -importkeystore -deststorepass changeit -destkeystore conf/keystore.jks -srckeystore <working directory>/keystore.p12 -srcstoretype PKCS12

    10. Restart WHD.

              /etc/init.d/webhelpdesk restart


    Not too bad once you figure it out!