Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > DameWare Remote Support & Mini Remote Control > Install a Third Party SSL Certificate on the DameWare Internet Proxy

Install a Third Party SSL Certificate on the DameWare Internet Proxy

Table of contents

Overview

This article provides steps to install third party SSL Certificate on the DameWare Internet Proxy.  
The DameWare Internet Proxy installs and binds a self-signed certificate to port 443 for secure communication between the DameWare applications and DameWare agents. If a certificate is already bound to the port, DameWare does not install the self-signed certificate.
Users who do not have the MRC client agent installed on their computers are prompted to download and install either an Internet Session agent or an MRC client agent from the DameWare Internet Proxy. If you use the self-signed certificate, your users will encounter security warnings during the download and install process.
To prevent these security warnings, install and bind a certificate from a certificate authority to port 443 or your designated DameWare Internet Proxy port.

Environment

  • DameWare Remote Support version 11.0 or later
  • DameWare Mini Remote Control version 11.0 or later

Steps

1. After you have received your certificate from a third party certificate authority, log into a DameWare Internet Proxy computer as an administrator.

2.  Run mmc.exe.

a. Click Start.

b. Run mmc.exe.

c. Click File > Add/Remove Snap-in..

d. From the Available snap-ins, select Certificates and click Add.

e. Select your local computer and click Finish.

f. Click OK to go back to the Management console.

3. Copy the certificate to the local certificate store.

4. Double-click the copied certificate, and click Install Certificate.

5. Run services.msc.

6. Stop the DameWare Server service.

7. Open CMD, and run the following command to remove the existing certificate:

netsh http delete sslcert ipport=0.0.0.0:443

8. In the Certificate Manager, view the details of the certificate you installed, and copy the certificate hash.

9. In CMD, run the following command to bind the certificate to the port:

netsh http add sslcert ipport=0.0.0.0:443 certhash=certificate_hash appid={appid-formated_number} certstorename=root

10. After you have received your certificate from a third party certificate authority, log into a DameWare Internet Proxy computer as an administrator.

11. Replace certificate_hash with the certificate hash you copied and replace appid-formated_number with a number in the appid format, such as 00112233-4455-6677-8899-AABBCCDDEEFF.

12. Start the Dameware Server service.

 

Notes:
A certificate for binding must include a private key. A certificate without a private key is rejected by Windows and cannot be used for encryption of communication from the central server and proxy.
Use the following command to delete the certificates:

 

httpcfg delete ssl -i 0.0.0.0:443 -h {certificate_hash}

 

For Windows Server 2003, use the following command to bind the certificate:

httpcfg set ssl -i 0.0.0.0:443 -h {certificate_hash} -c root

 

For Windows 2003, use the following command to bind the certificate:

httpcfg set ssl -i 0.0.0.0:443 -h {certificate_hash} -g "{GUID}"

 

It does not matter what GUID is used as long as it is correctly formatted. See example below:

httpcfg set ssl -i 0.0.0.0:443 -h 2c69dc359dcf42e42d37866096c1505f2ec6c275 -g "{2bb50d9c-7f6a-4d6f-873d-5aee7fb43290}"

 

 

 

 

Last modified
15:58, 22 Dec 2016

Tags

Classifications

Public