Can anyone tell me why SolarWinds SAM requires a certificate and how I can replace a self-signed certificate with a trusted root certificate?
Or is there a reason I wouldn't have to replace the self-signed with a trusted root certificate?
-Jeff
I figured out what I needed to do. I created a new certificate on the node from our internal CA and set up the winrm listener to use that new, CA-issued certificate. No more self-signed untrusted certificates!
Why do you think that SAM requires a certificate?
--
Steven W. Klassen
Programmer Analyst @ Loop1 Systems
http://www.loop1systems.com/
http://www.linkedin.com/in/mrxinu
To verify the identity of the server that SAM is connecting to. But if I have a certificate authority on my network why couldn't I use a certificate generated from there rather than a self-signed certificate? Is there a reason not to do it this way?
Hi jbernstein! Are you getting an error or some message indicating that there's a missing certificate? What component are you using where this is an issue?
I stand corrected, it looks like WinRM uses this when it connects to systems. Check out the script attached to the article below:
AppInsight for IIS: Create certificates - SolarWinds Worldwide, LLC. Help and Support
Thanks to zackm for pointing it out to me.
Thanks, I'm aware of that script.
Is there a way to do this with a trusted root certificate rather than a self-signed personal trust certificate? I know I'm the one doing the signing but I'd like to make the certificate trusted.
Do you have instructions on what you did to change the winrm listener?
Here is another article: https://support.solarwinds.com/?title=Success_Center/Server_%26_Application_Monitor_(SAM)/Unable_to_create_a_self-signed_certificate
Do the following steps on the target server you are monitoring via WinRm to rip and replace the self signed SolarWinds certificate with your own. This applies to both AppInsight for IIS and Exchange.
1.) winrm delete winrm/config/listener?Address=*+Transport=https
2.) Delete the self signed SolarWinds certificate under Personal Store and Intermediate Certificate Authorities.
3.) Deploy valid server certificate from CA to Personal Store.
4.) winrm quickconfig -transport:https
If #4 does not work then you do not have a valid certificate and you need to reevaluate #3.
