Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > How to sign an SSL Certificate in Windows cmd

How to sign an SSL Certificate in Windows cmd

Created by David Clark, last modified by MindTouch on Jun 23, 2016

Views: 1,054 Votes: 0 Revisions: 5

Overview

This article describes how you can sign an SSL Certificate in Windows cmd.

Environment

All versions of LEM 

Steps 

  1. SSH into manger with cmc user and by using the ip address and port#32022.
  2. Enter manager in the prompt. 
  3. Enter exportcertrequest in the prompt.
  4. Use PKI tools to sign the certificate sign request (CSR) file.
    1. Get the signed certificate into the PEM format for Java, and save in Base64 bit, chained cert, *.cer format.
    2. Include all of the certificate chain up to the root self-signed CA certificate
      1. First, the signing certificate in PEM format (CA public certificate).
      2. Then, the signed request in PEM format (new LEM certificate, signed by your CA).
    3. To do this on a Windows subordinate CA:
      1. Open a cmd window and execute the following command:
        certreq -submit -attrib "CertificateTemplate:HTTPS" <Request Filename>
      2. Open certsrv.msc, click your CA, then expand the Issued Certificates folder.
      3. In this folder, find the certificate you just issued, double-click to open it, then click the Details.
      4. On the Details tab, click Copy to File…. Choose PKCS #7 format and check the Include all certificates in the certification path if possible checkbox.
      5. Find the resulting .p7b file and double-click to view it. Expand the folders in the left-hand pane down to Certificates.
      6. Right-click and choose Export…, one at a time, each certificate you see listed in the right-hand side. Choose Base-64 encoded X.509 (.CER) format.
    4. Once you have exported all the certificates in the chain you need to concatenate them together, in order from LEM to root CA. Open them all in notepad. Copy the subordinate CA certificate and paste it at the end of the LEM certificate. Copy the root CA certificate and paste it at the end of the LEM+subordinate certificate. Save this file to a network share that your LEM can access.
  5. In the ssh terminal as cmc, enter importcert.
  6. Provide windows share and credentialss to import the combined pem file. New certificates should be imported into keystore and manager restarted.
  7. Once the manager is completely started, open browser tab to manager and view the certificate for verification.
  8. Import the Certificate into your Trusted Root Authority by going to mmc console. 
Last modified
20:01, 22 Jun 2016

Tags

Classifications

Public