Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Log & Event Manager (LEM) > How to sign an SSL Certificate in Windows cmd

How to sign an SSL Certificate in Windows cmd

Created by David Clark, last modified by MindTouch on Jun 23, 2016

Views: 229 Votes: 0 Revisions: 5


This article describes how you can sign an SSL Certificate in Windows cmd.


All versions of LEM 


  1. SSH into manger with cmc user and by using the ip address and port#32022.
  2. Enter manager in the prompt. 
  3. Enter exportcertrequest in the prompt.
  4. Use PKI tools to sign the certificate sign request (CSR) file.
    1. Get the signed certificate into the PEM format for Java, and save in Base64 bit, chained cert, *.cer format.
    2. Include all of the certificate chain up to the root self-signed CA certificate
      1. First, the signing certificate in PEM format (CA public certificate).
      2. Then, the signed request in PEM format (new LEM certificate, signed by your CA).
    3. To do this on a Windows subordinate CA:
      1. Open a cmd window and execute the following command:
        certreq -submit -attrib "CertificateTemplate:HTTPS" <Request Filename>
      2. Open certsrv.msc, click your CA, then expand the Issued Certificates folder.
      3. In this folder, find the certificate you just issued, double-click to open it, then click the Details.
      4. On the Details tab, click Copy to File…. Choose PKCS #7 format and check the Include all certificates in the certification path if possible checkbox.
      5. Find the resulting .p7b file and double-click to view it. Expand the folders in the left-hand pane down to Certificates.
      6. Right-click and choose Export…, one at a time, each certificate you see listed in the right-hand side. Choose Base-64 encoded X.509 (.CER) format.
    4. Once you have exported all the certificates in the chain you need to concatenate them together, in order from LEM to root CA. Open them all in notepad. Copy the subordinate CA certificate and paste it at the end of the LEM certificate. Copy the root CA certificate and paste it at the end of the LEM+subordinate certificate. Save this file to a network share that your LEM can access.
  5. In the ssh terminal as cmc, enter importcert.
  6. Provide windows share and credentialss to import the combined pem file. New certificates should be imported into keystore and manager restarted.
  7. Once the manager is completely started, open browser tab to manager and view the certificate for verification.
  8. Import the Certificate into your Trusted Root Authority by going to mmc console. 
Last modified