Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Log & Event Manager (LEM) > How to sign an SSL Certificate in Windows cmd

How to sign an SSL Certificate in Windows cmd

Created by David Clark, last modified by MindTouch on Jun 23, 2016

Views: 1,661 Votes: 0 Revisions: 5


This article describes how you can sign an SSL Certificate in Windows cmd.


All versions of LEM 


  1. SSH into manger with cmc user and by using the ip address and port#32022.
  2. Enter manager in the prompt. 
  3. Enter exportcertrequest in the prompt.
  4. Use PKI tools to sign the certificate sign request (CSR) file.
    1. Get the signed certificate into the PEM format for Java, and save in Base64 bit, chained cert, *.cer format.
    2. Include all of the certificate chain up to the root self-signed CA certificate
      1. First, the signing certificate in PEM format (CA public certificate).
      2. Then, the signed request in PEM format (new LEM certificate, signed by your CA).
    3. To do this on a Windows subordinate CA:
      1. Open a cmd window and execute the following command:
        certreq -submit -attrib "CertificateTemplate:HTTPS" <Request Filename>
      2. Open certsrv.msc, click your CA, then expand the Issued Certificates folder.
      3. In this folder, find the certificate you just issued, double-click to open it, then click the Details.
      4. On the Details tab, click Copy to File…. Choose PKCS #7 format and check the Include all certificates in the certification path if possible checkbox.
      5. Find the resulting .p7b file and double-click to view it. Expand the folders in the left-hand pane down to Certificates.
      6. Right-click and choose Export…, one at a time, each certificate you see listed in the right-hand side. Choose Base-64 encoded X.509 (.CER) format.
    4. Once you have exported all the certificates in the chain you need to concatenate them together, in order from LEM to root CA. Open them all in notepad. Copy the subordinate CA certificate and paste it at the end of the LEM certificate. Copy the root CA certificate and paste it at the end of the LEM+subordinate certificate. Save this file to a network share that your LEM can access.
  5. In the ssh terminal as cmc, enter importcert.
  6. Provide windows share and credentialss to import the combined pem file. New certificates should be imported into keystore and manager restarted.
  7. Once the manager is completely started, open browser tab to manager and view the certificate for verification.
  8. Import the Certificate into your Trusted Root Authority by going to mmc console. 
Last modified