Submit a ticketCall us

AnnouncementsSystem Monitoring for Dummies

Tired of monitoring failures disrupting the system, application, and service? Learn the key monitoring concepts needed to help you create sophisticated monitoring and alerting strategies that can help you save time and money. Read the eBook.

Get your free eBook.

Home > Success Center > Server & Application Monitor (SAM) > SAM - Knowledgebase Articles > Unable to create a self-signed certificate

Unable to create a self-signed certificate

Overview

Unable to create a self-signed certificate.

Environment

All SAM versions

Resolution

Do the following steps to manually create a self-signed certificate:

1. Copy this script to Exchange server.

$IPAddress = Read-Host "Enter the IP Address of the Exchange server"
$ExpDays = "3650"
$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
$name.Encode("$IPAddress_Solarwinds_Exchange_Zero_Configuration", 0)
$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
$key.KeySpec = 1
$key.Length = 1024
$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
$key.MachineContext = 1
$key.Create()
$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
$ekuoids.add($serverauthoid)
$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
$ekuext.InitializeEncode($ekuoids)
$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
$cert.InitializeFromPrivateKey(2, $key, "")
$cert.Subject = $name
$cert.Issuer = $cert.Subject
$cert.NotBefore = get-date
$cert.NotAfter = $cert.NotBefore.AddDays($ExpDays)
$cert.X509Extensions.Add($ekuext)
$cert.Encode()
$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
$enrollment.InitializeFromRequest($cert)
$certdata = $enrollment.CreateRequest(0)
$enrollment.InstallResponse(2, $certdata, 0, "")
2. Open a PowerShell session in Administrator context.
3. Change the directory of the PowerShell session to the location of the PowerShell script.
4. Type the name of the script and then press Enter.
5. When prompted, enter the IP address of the Exchange server and then press Enter.

 

 

Last modified

Tags

Classifications

Public