Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > How to sign an SSL Certificate in Windows cmd

How to sign an SSL Certificate in Windows cmd

Created by David Clark, last modified by MindTouch on Jun 23, 2016

Views: 1,929 Votes: 0 Revisions: 5


This article describes how you can sign an SSL Certificate in Windows cmd.


All versions of LEM 


  1. SSH into manger with cmc user and by using the ip address and port#32022.
  2. Enter manager in the prompt. 
  3. Enter exportcertrequest in the prompt.
  4. Use PKI tools to sign the certificate sign request (CSR) file.
    1. Get the signed certificate into the PEM format for Java, and save in Base64 bit, chained cert, *.cer format.
    2. Include all of the certificate chain up to the root self-signed CA certificate
      1. First, the signing certificate in PEM format (CA public certificate).
      2. Then, the signed request in PEM format (new LEM certificate, signed by your CA).
    3. To do this on a Windows subordinate CA:
      1. Open a cmd window and execute the following command:
        certreq -submit -attrib "CertificateTemplate:HTTPS" <Request Filename>
      2. Open certsrv.msc, click your CA, then expand the Issued Certificates folder.
      3. In this folder, find the certificate you just issued, double-click to open it, then click the Details.
      4. On the Details tab, click Copy to File…. Choose PKCS #7 format and check the Include all certificates in the certification path if possible checkbox.
      5. Find the resulting .p7b file and double-click to view it. Expand the folders in the left-hand pane down to Certificates.
      6. Right-click and choose Export…, one at a time, each certificate you see listed in the right-hand side. Choose Base-64 encoded X.509 (.CER) format.
    4. Once you have exported all the certificates in the chain you need to concatenate them together, in order from LEM to root CA. Open them all in notepad. Copy the subordinate CA certificate and paste it at the end of the LEM certificate. Copy the root CA certificate and paste it at the end of the LEM+subordinate certificate. Save this file to a network share that your LEM can access.
  5. In the ssh terminal as cmc, enter importcert.
  6. Provide windows share and credentialss to import the combined pem file. New certificates should be imported into keystore and manager restarted.
  7. Once the manager is completely started, open browser tab to manager and view the certificate for verification.
  8. Import the Certificate into your Trusted Root Authority by going to mmc console. 
Last modified