Enabling HTTPS Support for the Hedvig WebUI

To start the Hedvig WebUI with the HTTPS protocol, you must get a certificate and convert it to JKS (Java keystore format).


  1. Acquire or generate a certificate [self-signed or signed with a valid CA (Certificate Authority)].

  2. Convert the certificate to Java keystore format (.jks) with openssl. When prompted, use hedvig as the password.

    openssl pkcs12 -export -chain -in hsn01.netops.cert.pem -inkey hsn01.netops.key.pem -out keystore.p12 -name HV-Server -CAfile ca-chain.cert.pem
    keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -alias HV-Server -deststoretype pkcs12
  3. Copy the keystore file to the Hedvig Server root path, and name it /keystore.jks.

    scp keystore.jks root@blue3:/usr/local/hedvig/hblock/keystore.jks
  4. Modify the <Storage> section in the /usr/local/hedvig/hblock/storage-conf.xml file, as follows:

  5. Point the browser to the server's https port, for example:


    If the certificate is self-signed, or has a CA that is not publicly trusted, then the web browser will give you a warning.

  6. Restart the HBLOCK services, as follows:

    [root@node1 hblock]# service hedvighblock stop
    [root@node1 hblock]# service hedvighblock start