Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Orion Platform > Certificate errors when accessing the Orion Web Console

Certificate errors when accessing the Orion Web Console

Updated Feb 10, 2017

Overview

You may encounter certificate errors when accessing the Orion Web Console, even if you have successfully set up SSL bindings using the Configuration Wizard.

If you investigate the logs, an event similar to the following appears in the Windows application log:

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 24/10/2016 12:49:10
Event ID: 4108
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: ...
Description:
Successful auto delete of third-party root certificate:: subject [certificate name and hash]

Environment

Any product running Orion Platform 2017.1, such as

  • NPM 12.1
  • SAM 6.4

Cause 

When you generate a self-signed certificate through the Configuration Wizard, the operating system may delete it because it is considered a third-party generated certificate. This happens when you use a group policy that automatically updates the root certificates.

Resolution

There are two options:

  • Modify the group policy
  • Generate a self-signed certificate through IIS Manager

Modify the group policy

  1. Login to the Orion server as an administrator or login to the domain controller.
  2. Open the local Group Policy Editor (Orion server) or Group Policy Management (domain controller).
    • For the local Group Policy Editor, press Windows key + R, and enter gpedit.msc 
    • For Group Policy Management, press Windows key + R, and enter gpmc.msc
  3. Open Internet Communication Settings.
    • For the local Group Policy Editor, click Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
    • For Group Policy Management, click Group Policy Objects, edit the enabled Group Policy, and then click Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
  4. Enable Turn off Automatic Root Certificate Update.

Run the Configuration Wizard again to bind the Orion Web Console to a certificate.

Generate a self-signed certificate

  1. Login to the Orion server as an administrator.
  2. Open IIS Manager.
  3. Open Server Certificates, and click Create Self-Signed Certificate from the actions menu.
  4. Complete the certificate wizard.

Run the Configuration Wizard again to bind the Orion Web Console to this certificate.

 

Last modified
10:20, 14 Feb 2017

Tags

Classifications

Public