Submit a ticketCall us

AnnouncementsCome see SolarWinds at VMUG Frankfurt

SolarWinds is delighted to attend the upcoming VMUG which will take place at Kap Europa in Frankfurt on June 19th, 2018.

See event details.

Home > Success Center > Orion Platform > Orion - Knowledgebase Articles > Certificate errors when accessing the Orion Web Console

Certificate errors when accessing the Orion Web Console

Updated Feb 10, 2017

Overview

You may encounter certificate errors when accessing the Orion Web Console, even if you have successfully set up SSL bindings using the Configuration Wizard.

If you investigate the logs, an event similar to the following appears in the Windows application log:

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 24/10/2016 12:49:10
Event ID: 4108
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: ...
Description:
Successful auto delete of third-party root certificate:: subject [certificate name and hash]

Environment

Any product running Orion Platform 2017.1, such as

  • NPM 12.1
  • SAM 6.4

Cause 

When you generate a self-signed certificate through the Configuration Wizard, the operating system may delete it because it is considered a third-party generated certificate. This happens when you use a group policy that automatically updates the root certificates.

Resolution

There are two options:

  • Modify the group policy
  • Generate a self-signed certificate through IIS Manager

Modify the group policy

  1. Login to the Orion server as an administrator or login to the domain controller.
  2. Open the local Group Policy Editor (Orion server) or Group Policy Management (domain controller).
    • For the local Group Policy Editor, press Windows key + R, and enter gpedit.msc 
    • For Group Policy Management, press Windows key + R, and enter gpmc.msc
  3. Open Internet Communication Settings.
    • For the local Group Policy Editor, click Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
    • For Group Policy Management, click Group Policy Objects, edit the enabled Group Policy, and then click Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
  4. Enable Turn off Automatic Root Certificate Update.

Run the Configuration Wizard again to bind the Orion Web Console to a certificate.

Generate a self-signed certificate

  1. Login to the Orion server as an administrator.
  2. Open IIS Manager.
  3. Open Server Certificates, and click Create Self-Signed Certificate from the actions menu.
  4. Complete the certificate wizard.

Run the Configuration Wizard again to bind the Orion Web Console to this certificate.

 

Last modified

Tags

Classifications

Public