LEM Certificates

Overview

LEM Certificates and processes explained    

Environment

  • LEM 5.7 +

Detail

Log and Event Manager uses certificates to create a secure connection over port 8443 and to enable TLS in reports for secure connections.
 
By default LEM uses a pre-made, self-signed certificate.
 
This article shows how to create a new CA signed certificate and how to enable TLS using the same certificate, either self-signed or CA signed.

Signing a certificate by your Certificate Authority

 

Creating the public and private key and exporting the certificate request file.

 

  1. Open a console session to the LEM (VMware or vSphere) or SSH to the LEM on port 32022.
  2. From the console, enter the manager menu by typing 'manager' and press enter.
  3. Type 'exportcertrequest' and press enter.
  4. You will be prompted to press enter to continue. Press enter to continue.
  5. Specify a network location to export the certificate request file to and press enter.
  6. Confirm that the share location is accurate and press enter.
  7. Enter the network credentials in the format domain\user. If the share is authenticated with local credentials rather than domain credentials, you can enter just the user name.
  8. You will be prompted to use the default parameters. If you select no, complete the steps below.
    1.  Enter the Key Length (either 2048 or 4096)
    2.  Specify the RSA algorithm as SHA512
    3.  Change the DN as needed by your organization

 

The LEM will now create the public and private key internally and save the certificate request file. The file name will follow the format TNS-HOSTNAME-CertRequest.csr

 

Requesting a certificate from the Certificate Authority (Microsoft)

Using the web certificate management

1. From the Certificate Authority server, navigate to the certificate website http://localhost/certsrv

 

2. Select "Request a Certificate".

 

3. Select "Advanced Certificate Request."

 

 

 

4. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."

 

 

5. Open the exported Certificate request in a text editor and paste it into "Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):". Select the appropriate Certificate Template. (This is specific to the templates on your CA.)

 

6. Click "Submit".

 

7. In the Certificate Issued window:
     Select the Base 64 Encoded radio button.
     Select the link Download Certificate Chain.

 

8. Locate the downloaded certificate and open it (double-click, or right-click and select Open).

9. Right-click each certificate in the chain and export it in Base-64 encoded format.

10. Combine all the files you just exported into a single file named signed.pem using a text editor. The order must be: LEM signed certificate, subordinate CA 1, subordinate CA 2, etc., root CA.

 

 

You now have a fully chained PEM file.
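
An added example (not SolarWinds code and not part of the original article): a shell check, run on any workstation with OpenSSL, that signed.pem is ordered LEM certificate, subordinate CAs, root CA before it is imported. The function names and the throwaway demo-root, demo-sub and demo-leaf certificates are assumptions constructed for illustration; the verify step checks the bundle against its own last certificate, so it confirms consistency, not trust.

```shell
# dn FIELD FILE: print a certificate's subject or issuer DN without the label.
dn() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# check_chain_order FILE: return 0 only if FILE is ordered leaf, subordinate
# CA(s), root: each issuer equals the next subject, the last certificate is
# self-signed, and the leaf's signatures verify up to that last certificate.
check_chain_order() {
    pem=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into cert.1.pem, cert.2.pem, ... in file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
        n {print > (d "/cert." n ".pem")}' "$pem"
    count=$(ls "$tmp" | wc -l | tr -d ' ')
    rc=0; i=1
    [ "$count" -ge 2 ] || rc=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$count" ]; do
        [ "$(dn issuer "$tmp/cert.$i.pem")" = "$(dn subject "$tmp/cert.$((i + 1)).pem")" ] || rc=1
        i=$((i + 1))
    done
    last="$tmp/cert.$count.pem"
    if [ "$rc" -eq 0 ]; then
        [ "$(dn issuer "$last")" = "$(dn subject "$last")" ] || rc=1
        openssl verify -CAfile "$last" -untrusted "$pem" "$tmp/cert.1.pem" >/dev/null 2>&1 || rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# make_demo_chain DIR: constructed sample input (throwaway root CA, one
# subordinate CA, one leaf) standing in for the files exported from the CA.
make_demo_chain() {
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    for n in root sub leaf; do
        openssl req -new -newkey rsa:2048 -nodes -sha512 -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    openssl x509 -req -in "$d/sub.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/sub.pem" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.pem" -CAkey "$d/sub.key" \
        -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_chain "$demo"
# The order the article requires: LEM certificate, subordinate CA, root CA.
cat "$demo/leaf.pem" "$demo/sub.pem" "$demo/root.pem" > "$demo/signed.pem"
check_chain_order "$demo/signed.pem" && echo "signed.pem: chain order OK"
```

A non-zero return from check_chain_order on your own signed.pem means a certificate is missing, out of order, or not issued by the certificate that follows it.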

 

Importing the Certificate Authority Signed PEM file

 

  1. Open a console session to the LEM (VMware or vSphere) or SSH to the LEM on port 32022.
  2. From the console, enter the manager menu by typing 'manager' and press enter.
  3. Type 'importcert' and press enter.
  4. Specify the network path where the chained PEM file you created (signed.pem) resides and press enter.
  5. Enter the network credentials in the format domain\user. If the share is authenticated with local credentials rather than domain credentials, you can enter just the user name.
  6. Enter your password and confirm it.
  7. Enter the name of the PEM file (signed.pem).

 

The LEM will import the certificate chain and should now be using it for communication on port 8443.

 

In order to import the certificate for use in your browser, if necessary, follow this article.

 

In order to import the certificate for use in the Reports Console for TLS follow this article.

Note: As of LEM 6.3.1, wildcard SSL certificates are not supported. However, support is planned for future releases.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 
 
 
 

 

Last modified
04:40, 26 Jul 2017
