
LEM Certificates

Updated September 26, 2017

Overview

This article explains how to export a cert request, get it signed, and then import the signed cert into your LEM.

Environment

  • LEM all versions

Detail

Log and Event Manager uses certificates to create a secure connection over port 8443 and to enable TLS in reports for secure connections.
 
By default LEM uses a pre-made, self-signed certificate.
 
This article shows how to create a new CA signed certificate and how to enable TLS using the same certificate, either self-signed or CA signed.

Getting a certificate signed by your Certificate Authority

 

Creating the public and private key and exporting the certificate request file.

 

  1. Open a console session to the LEM (VMware or vSphere) or SSH to the LEM on port 32022.
  2. From the console enter the manager menu by typing 'manager' and press enter.
  3. Type 'exportcertrequest' and press enter.
  4. You will be prompted to press enter to continue. Press enter to continue.
  5. Specify a network location to export the certificate request file to and press enter.
  6. Confirm that the share location is accurate and press enter.
  7. Enter the network credentials in the following format domain\user. If the share is authenticated from local credentials and not domain you can just enter the user name.
  8. You will be prompted to use the default parameters. If you select no, complete the steps below.
    1.  Enter the Key Length (Either 2048 or 4096)
    2.  Specify the RSA algorithm as SHA512
    3.  Change the DN as needed by your organization

 

The LEM will now create the public and private key internally and save the certificate request file. The file name has the format TNS-HOSTNAME-CertRequest.csr

 

Requesting a certificate from the Certificate Authority (Microsoft)

Using the web certificate management

1. From the Certificate Authority server, navigate to the certificate website http://localhost/certsrv

 

2. Select "Request a Certificate".

 

3. Select "Advanced Certificate Request."

 

 

 

4. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."

 

 

5. Open the exported Certificate request in a text editor and paste it into "Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):". Select the appropriate Certificate Template. (This is specific to the templates on your CA and may not be a User template.)

 

6. Click "Submit".

 

7. In the Certificate Issued window:
     • Select the Base 64 Encoded radio button.
     • Select the link Download Certificate Chain.

8. Locate the downloaded certificate and open it (double-click, or right-click and select Open).

9. Right-click each certificate in the chain and export it in Base-64 encoded format.

10. Combine all the files you just exported into a single file: open a text editor and combine them into one file named signed.pem. The order must be LEM signed certificate, subordinate CA 1, subordinate CA 2, and so on, then root CA.

 

 

You now have a fully chained PEM file.
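The manual combining step is easy to get wrong, so the following added example (not part of the original article or of the LEM product) sorts the exported Base-64 certificates into the required order, LEM certificate first and root CA last, and refuses to produce output if an issuer certificate is missing. The function names are illustrative; it assumes each issuer Name is encoded byte-for-byte like the subject Name of the issuing CA's certificate, and it does not verify signatures.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"(-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----)", re.S)

def tlv(buf, pos):
    """Return (tag, content_start, end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = tlv(der, 0)              # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)            # TBSCertificate SEQUENCE
    fields = []            # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = tlv(der, pos)
        if tag != 0xA0:                  # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_chain(pem_text):
    """Return the certificates in pem_text ordered leaf, sub CAs, root."""
    certs = [(blk,) + issuer_subject(base64.b64decode(b64))
             for blk, b64 in PEM_RE.findall(pem_text)]
    if not certs:
        raise ValueError("no PEM certificates found")
    # Assumption: Names are compared as raw bytes, not normalized.
    ca_names = {iss for _, iss, sub in certs if iss != sub}
    leaves = [c for c in certs if c[2] not in ca_names]
    if len(leaves) != 1:
        raise ValueError("expected one leaf, found %d" % len(leaves))
    by_subject = {c[2]: c for c in certs}
    chain = [leaves[0]]
    while chain[-1][1] != chain[-1][2]:  # stop at the self-signed root
        parent = by_subject.get(chain[-1][1])
        if parent is None or parent in chain:
            raise ValueError("an issuer certificate is missing")
        chain.append(parent)
    if len(chain) != len(certs):
        raise ValueError("input has certificates outside the chain")
    return "".join(blk + "\n" for blk, _, _ in chain)

if __name__ == "__main__":               # usage: script a.cer b.cer > signed.pem
    print(order_chain("".join(open(p).read() for p in sys.argv[1:])), end="")
```

Pass the exported files in any order and redirect the output to signed.pem.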

 

Importing the Certificate Authority Signed PEM file

 

  1. Open a console session to the LEM (VMware or vSphere) or SSH to the LEM on port 32022
  2. From the console enter the manager by typing 'manager' and press enter
  3. Type 'importcert' and press enter
  4. Specify the network path where the chained pem file you created resides (signed.pem) and press enter
  5. Enter the network credentials in the following format domain\user. If the share is authenticated from local credentials and not domain you can just enter the user name.
  6. Enter your password and confirm it
  7. Enter the name of the pem file (signed.pem)

 

The LEM will import the certificate chain and should now be using it for communication on port 8443.

 

In order to import the certificate for use in your browser, if necessary, follow this article.

 

In order to import the certificate for use in the Reports Console for TLS follow this article.

Note: As of LEM 6.3.1, wildcard SSL certificates are not supported. However, support is planned for future releases.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 
 
 
 

 

Last modified
12:21, 26 Sep 2017
