Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > How to sign an SSL Certificate in Windows cmd

How to sign an SSL Certificate in Windows cmd

Created by David Clark, last modified by MindTouch on Jun 23, 2016

Views: 2,256 Votes: 0 Revisions: 5


This article describes how you can sign an SSL Certificate in Windows cmd.


All versions of LEM 


  1. SSH into manger with cmc user and by using the ip address and port#32022.
  2. Enter manager in the prompt. 
  3. Enter exportcertrequest in the prompt.
  4. Use PKI tools to sign the certificate sign request (CSR) file.
    1. Get the signed certificate into the PEM format for Java, and save in Base64 bit, chained cert, *.cer format.
    2. Include all of the certificate chain up to the root self-signed CA certificate
      1. First, the signing certificate in PEM format (CA public certificate).
      2. Then, the signed request in PEM format (new LEM certificate, signed by your CA).
    3. To do this on a Windows subordinate CA:
      1. Open a cmd window and execute the following command:
        certreq -submit -attrib "CertificateTemplate:HTTPS" <Request Filename>
      2. Open certsrv.msc, click your CA, then expand the Issued Certificates folder.
      3. In this folder, find the certificate you just issued, double-click to open it, then click the Details.
      4. On the Details tab, click Copy to File…. Choose PKCS #7 format and check the Include all certificates in the certification path if possible checkbox.
      5. Find the resulting .p7b file and double-click to view it. Expand the folders in the left-hand pane down to Certificates.
      6. Right-click and choose Export…, one at a time, each certificate you see listed in the right-hand side. Choose Base-64 encoded X.509 (.CER) format.
    4. Once you have exported all the certificates in the chain you need to concatenate them together, in order from LEM to root CA. Open them all in notepad. Copy the subordinate CA certificate and paste it at the end of the LEM certificate. Copy the root CA certificate and paste it at the end of the LEM+subordinate certificate. Save this file to a network share that your LEM can access.
  5. In the ssh terminal as cmc, enter importcert.
  6. Provide windows share and credentialss to import the combined pem file. New certificates should be imported into keystore and manager restarted.
  7. Once the manager is completely started, open browser tab to manager and view the certificate for verification.
  8. Import the Certificate into your Trusted Root Authority by going to mmc console. 
Last modified