Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > LEM Certificates

LEM Certificates

Updated September 26, 2017


This article explains how to export a cert request, get it signed, and then import the signed cert into your LEM.


  • LEM all versions


Log and Event Manager uses certificates to create a secure connection over port 8443 and to enable TLS in reports for secure connections.
By default LEM uses a pre-made, self-signed certificate.
This article shows how to create a new CA signed certificate and how to enable TLS using the same certificate, either self-signed or CA signed.

Signing a certificate by your Certificate Authority


Creating the public and private key and exporting the certificate request file.


  1. Open a Console Session to the LEM (Vmware or vshpere) or SSH to the LEM on port 32022.
  2. From the console enter the manager menu by typing 'manager' and press enter.
  3. Type 'exportcertrequest' and press enter.
  4. You will be prompted to press enter to continue. Press enter to continue.
  5. Specify a network location to export the certificate request file to and press enter.
  6. Confirm that the share location is accurate and press enter.
  7. Enter the network credentials in the following format domain\user. If the share is authenticated from local credentials and not domain you can just enter the user name.
  8. You will be prompted to use the default parameters. If you select no please see the below steps.
    1.  Enter the Key Length (Either 2048 or 4096)
    2.  Specify the RSA algorithm as SHA512
    3.  Change the DN as needed by your organization


The LEM will now create the Public and Private key internally and Save the certificate request file. The file will be formatted as TNS-HOSTNAME-CertRequest.csr


Requesting a certificate from the Certificate Authority (Microsoft)

Using the web certificate management

1. From the Certificate Authority server, navigate to the certificate website http://localhost/certsrv



2. Select "Request a Certificate".


3. Select "Advanced Certificate Request."




4. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."



5. Open the exported Certificate request in a text editor and paste it into "Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):". Select the appropriate Certificate Template. (This is specific to the templates on your CA and may not be a User template.)


6. Click "Submit".


7.  In the Certificate Issued windows:
     select the Base 64 Encoded radio button
     select the link Download Certificate Chain.


8.  Locate the downloaded certificate, open the certiificate (double-click or right-click & select open).

9.  Right click on each certificate in the chain and export them in Base-64 encoded format.

10. You must combine all files you just exported into a single file. Open a text editor and combine the files into a single file named signed.pem.  The order needs to be LEM signed certificate, subordinate CA 1, subordinate CA 2, etc, root CA.



You now have a fully chained PEM file.


Importing the Certificate Authority Signed PEM file


  1. Open a Console Session to the LEM (VMware or vshpere) or SSH to the LEM on port 32022
  2. From the console enter the manager by typing 'manager' and press enter
  3. type "importcert' and press enter
  4. Specify the network path where the chained pem file you created resides (signed.pem) and press enter
  5. Enter the network credentials in the following format domain\user. If the share is authenticated from local credentials and not domain you can just enter the user name.
  6. Enter your password and confirm it
  7. Enter the name of the pem file (signed.pem)


The LEM will import the certificate chain and should now be using it for communication on port 8443.


In order to import the certificate for use in the Reports Console for TLS follow this article.

Note: As of LEM 6.3.1 do not support Wild Card SSL certificates. However it is planned in future releases.


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.




Last modified