In this guide, you will learn how to install an SSL certificate on Spiceworks. If you have not applied for a certificate yet, the first part shows you how to generate a CSR code and submit it to the Certificate Authority.
Self-hosted vs. Spiceworks Cloud (read this first)
The steps below apply to the self-hosted Spiceworks application for Windows, which ships its own bundled web server and a pre-installed self-signed certificate. Browsers do not trust self-signed certificates, so admins replace it with one issued by a public Certificate Authority (CA).
Important currency note: the self-hosted Spiceworks line is end of life. The on-premises Spiceworks Desktop Help Desk reached end of support at the end of 2021, and the self-hosted Help Desk Server is no longer maintained. The supported successor is Spiceworks Cloud Help Desk, a hosted SaaS product. On the Cloud version, Spiceworks terminates TLS on its own infrastructure, so there is no certificate for you to generate, upload, or renew, and the procedure below does not apply.
Use this guide only if you are still running an older self-hosted Spiceworks install with the bundled web server. If you are starting fresh or want ongoing updates, move to Spiceworks Cloud Help Desk instead. You will still want valid TLS on your other internal services, and the SSL certificates below work on any standard web server.
Back up the existing certificate
A quick backup of your existing certificate and httpd.conf file saves time if something goes wrong during installation. First, go to your Spiceworks installation path and copy the httpd.conf file to a safe location. By default it lives in:
C:\Program Files (x86)\Spiceworks\httpd\conf
Next, open the \Spiceworks\httpd\ssl folder and make a copy of the existing ssl-cert.pem and ssl-private-key.pem files. If the new certificate does not work, you can restore these and get back to a working state.
Generate the CSR code for Spiceworks
A CSR (Certificate Signing Request) is a block of encoded text that holds your contact details. To apply for an SSL certificate, you submit the CSR to your Certificate Authority. The matching private key is created at the same time. You have two options:
- Use our CSR Generator to create the CSR automatically.
- Follow our step-by-step tutorial on how to generate a CSR for Spiceworks.
During the SSL order process, send the CSR to your Certificate Authority to apply for the certificate. After the CA validates your request and issues the certificate, continue with the installation below.
Install an SSL certificate on Spiceworks
Step 1: Prepare your files
After you submit the CSR, the Certificate Authority emails you the installation files. Download the archive and extract it on your device. You should have your primary SSL certificate and the intermediate certificates (inside a ca-bundle file or as a separate .pem file). Spiceworks expects PEM-encoded files, so if your CA sends the certificate in another format, convert it to PEM first.
Step 2: Shut down Spiceworks
Shut down Spiceworks and keep it offline until you finish the installation. This prevents the service from holding the certificate files open while you replace them.
Step 3: Copy your certificate files to Spiceworks
Copy the three files into the Spiceworks SSL folder and rename them to the exact names Spiceworks looks for. The folder is:
C:\Program Files (x86)\Spiceworks\httpd\ssl
- Copy your primary SSL certificate there and rename it to ssl-cert.pem.
- If your CA provides an intermediate (chain) certificate, copy it to the same folder and rename it to ssl-intermediate.pem.
- Copy your private key (the one generated with the CSR) to the same folder and rename it to ssl-private-key.pem.
Overwrite the existing self-signed files. Because you backed them up in the first step, you can roll back if needed.
Step 4: Edit the httpd.conf file
If you have an intermediate certificate, you have to reference it in httpd.conf. Open the file in a text editor (run the editor as Administrator so you can save changes to Program Files):
C:\Program Files (x86)\Spiceworks\httpd\conf\httpd.conf
Find the SSL section. Add the SSLCertificateChainFile line so it points to your intermediate file, and confirm the certificate and key lines match the names from Step 3. The complete SSL block should look like this:
SSLEngine on
SSLOptions +StrictRequire
SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile "ssl/ssl-cert.pem"
SSLCertificateKeyFile "ssl/ssl-private-key.pem"
SSLCertificateChainFile "ssl/ssl-intermediate.pem"
Notes on the directives:
- SSLProtocol -all +TLSv1.2: enable TLS 1.2 and disable everything older. The original example also enabled TLSv1 and TLSv1.1, but TLS 1.0 and 1.1 were deprecated in 2021 and should stay off. If your bundled web server build supports it, you can also add +TLSv1.3.
- SSLCertificateFile and SSLCertificateKeyFile: your certificate and the matching private key.
- SSLCertificateChainFile: the intermediate certificate. Remove this line if your CA did not supply one.
Keep the paths in straight double quotes, not curly quotes, or the server will fail to start. Save and close httpd.conf.
Step 5: Launch Spiceworks
Start Spiceworks again. Open the console in your browser over https:// and confirm the padlock shows a trusted certificate with no warning. If the page does not load or the browser still flags the certificate, recheck the file names in Step 3 and the paths and quotes in Step 4. To verify the installed certificate end to end, use our SSL Checker.
If the certificate still does not load after these checks, confirm that the file names in Step 3 match exactly, that the paths and quotes in Step 4 are correct, and that the private key matches the issued certificate. Because the self-hosted product is retired, the old vendor troubleshooting pages are no longer maintained, so keep your backup from the first step on hand in case you need to roll back.
Frequently Asked Questions
No. The on-premises Spiceworks Desktop Help Desk reached end of support at the end of 2021, and the self-hosted Help Desk Server is no longer maintained. The supported product is Spiceworks Cloud Help Desk. The certificate steps in this guide apply only to older self-hosted installs that still use the bundled web server.
No. Spiceworks Cloud Help Desk is hosted by Spiceworks, which manages HTTPS and certificate renewal for you. There is no certificate to generate, upload, or configure on the Cloud version.
On a default Windows install, the certificate and key live in C:\Program Files (x86)\Spiceworks\httpd\ssl as ssl-cert.pem, ssl-private-key.pem, and (if used) ssl-intermediate.pem. The web server configuration is in C:\Program Files (x86)\Spiceworks\httpd\conf\httpd.conf.
Self-hosted Spiceworks ships with a self-signed certificate so it can serve HTTPS out of the box. Browsers do not trust self-signed certificates, so they show a warning. Replacing it with a certificate from a public Certificate Authority, as shown above, removes the warning.
Only if you have an intermediate certificate. If your CA supplied one, add the SSLCertificateChainFile line so the full chain is served. If there is no intermediate file, copying the renamed certificate and key into the \httpd\ssl folder is enough.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


