Using LetsEncrypt with ServiceDesk on Linux (version 9400 and above)

I am running ServiceDesk on Linux and I wanted to use LetsEncrypt with ServiceDesk and have a cron job automatically update ServiceDesk when the LE certs were renewed.

There was a lot I found on the internet but I boiled it down to this:

0 - Prerequisites:

a - install a more modern JRE than ServiceDesk uses

Because the version ServiceDesk is using does not set itself up in the environment as JAVA_HOME, I felt safe installing another system based JRE. As I am on Debian I simply installed the default:

sudo apt install default-jre

Which gave me v11.

b - you already have some form of LetsEncrypt installed and certs generated

I personally use acme.sh (https://github.com/acmesh-official/acme.sh) because it allows me to use my DNS provider's API for domain verification, and allows me to set up wildcards.

1 - Use OpenSSL to convert the LE certs to a PKCS12 archive
I ran this in my home directory.

openssl pkcs12 -export \
    -in <path and filename of your LE domain certificate> \
    -inkey <path and filename of your LE domain certificate key file> \
    -out ./<name of the output file. I just used my domain name>.p12 \
    -name <your domain name> \
    -CAfile <path to your LE domain certificates>ca.cer \
    -caname "Let's Encrypt Authority X3" \
    -password pass:changeit

This produces a .p12 file.

2 - import the certificates into a keystore

keytool -importkeystore \
    -srckeystore ./<the file from the previous step> \
    -srcstoretype PKCS12 \
    -srcstorepass changeit \
    -destkeystore /data/ManageEngine/ServiceDesk/conf/<whatever you want to call it>.keystore \
    -deststoretype JKS \
    -deststorepass <whatever password you want to use> \
    -destkeypass <whatever password you want to use> \
    -alias <your domain name>

3 - configure ServiceDesk for SSL (if you haven't already)

just below Step 3b.

- Copy the keystore to <ServiceDesk_Home>/conf
- execute <ServiceDesk_Home>/bin/changeWebServerPort.sh <https port you want> https
- update the name of the keystore and the keystore password in the file <ServiceDesk_Home>/conf/server.xml 

5 - restart ServiceDesk

Here are the most useful references I found:


      • Topic Participants

      • bob
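
The cron job the post describes, as an added example (not the poster's script and not ManageEngine code): steps 1 and 2 run only when the certificate is newer than the keystore, with passwords read from the environment instead of the command line. The variable names, placeholder paths, the sdp.keystore file name and the --run switch are assumptions; -certfile and -srcalias are used here in place of the post's -CAfile and -alias.

```shell
#!/bin/sh
# Added example, not from the post: rebuild the keystore after a renewal.
# Paths, variable names and the --run switch are placeholders/assumptions.
set -eu
umask 077   # the .p12 and the keystore both contain the private key

CERT="${CERT:-/path/to/your-domain.cer}"
KEY="${KEY:-/path/to/your-domain.key}"
CA="${CA:-/path/to/ca.cer}"
ALIAS="${ALIAS:-your.domain.example}"
KEYSTORE="${KEYSTORE:-/data/ManageEngine/ServiceDesk/conf/sdp.keystore}"

# Succeeds when the keystore is missing or older than the certificate.
needs_rebuild() {   # $1 = certificate, $2 = keystore
    [ ! -f "$2" ] || [ "$1" -nt "$2" ]
}

# Steps 1 and 2. Passwords are read from the exported variables P12_PASS
# and STORE_PASS, so they do not show up in the process list.
build_keystore() {
    # Work beside the keystore so the final mv is a rename on one filesystem.
    tmp=$(mktemp -d "$(dirname "$KEYSTORE")/.le.XXXXXX")
    trap 'rm -rf "$tmp"' EXIT
    # -certfile adds the CA certificate(s) to the archive.
    openssl pkcs12 -export -in "$CERT" -inkey "$KEY" -certfile "$CA" \
        -name "$ALIAS" -out "$tmp/le.p12" -passout env:P12_PASS
    # A fresh destination file avoids overwrite prompts for an existing alias.
    keytool -importkeystore -noprompt \
        -srckeystore "$tmp/le.p12" -srcstoretype PKCS12 \
        -srcstorepass:env P12_PASS -srcalias "$ALIAS" \
        -destkeystore "$tmp/new.keystore" -deststoretype JKS \
        -deststorepass:env STORE_PASS -destkeypass:env STORE_PASS
    mv "$tmp/new.keystore" "$KEYSTORE"
}

if [ "${1:-}" = "--run" ]; then
    : "${P12_PASS:?set P12_PASS}" "${STORE_PASS:?set STORE_PASS}"
    export P12_PASS STORE_PASS
    if needs_rebuild "$CERT" "$KEYSTORE"; then
        build_keystore
        echo "Keystore rebuilt; restart ServiceDesk (step 5) to load it."
    fi
fi
```

Run it from cron as the account ServiceDesk runs under, because the umask leaves the new keystore readable only by its owner.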