
WPM and Self Signed Certificates

I'm trying to create a recording for a website with a self-signed certificate. I get

I've tried adding the FQDN and IP from the machine hosting the website to the Hosts file on the Orion server, as suggested in the WPM documentation, but this doesn't seem to work.

The documentation also suggests configuring the recording to Skip Certificate Authority validation... but doesn't explain how to do this.

Can anyone help?

Thanks -- Brent

  • You can skip this step using the old recorder.

    There's layers to this. Errm...:

    - Your certificate is good if the (CN) names match, the dates are OK, and there's a chain of objects up to a trusted object.

      (Trusted cert store has like RSA in it, RSA says I trust distributor X, distributor X says I trust service Y)

    - The note you've referenced is a bit weird.

      (Unless there's an integration with HOSTS I'm not aware of) *

    - What it's saying is if you've got a cert that says:

      Name: TotallyLegitService.Company.Local

      and you're accessing: prod-svr-04.company.local/login_page or 192.168.0.99/login_page

      That will fail trust because they don't match the name. What you can do then is make an entry in your hosts file that goes:

      192.168.0.99 TotallyLegitService.Company.Local

      That way if you navigate to TotallyLegitService.Company.Local you'll get to the place you want to get to, and it will match the name.

    - This actually doesn't do anything for self-signed, or expired or untrusted certificates **. For those you need to do stuff like:

      - Add the signer to trusted

      - give it a new cert

      - give it a not-bad cert

      - Add the cert itself to trusted

      - Add the intermediary-level trust to the intermediary-level group

    There's other articles on this, it's not a SolarWinds thing at this point it's generic computer stuff.

    * / ** I'd love it very much if we could have the option to ignore bad cert stuff in the new recorder. Might need to change that note wherever it came from.

  • I'll put an item in the backlog for the engineering team to check on a possible option to just ignore. Thanks!

  • I wound up using the old recorder, thanks for the tip.

  • WPM Recorder, like Chrome, does not accept self-signed certificates - mainly because their status is Invalid by default. But there is a way to work around it.
    Have you tried to add that self-signed certificate to the Trusted Root CA store?
    Here is an example instruction on how to do it: https://techcommunity.microsoft.com/t5/windows-server-essentials-and/installing-a-self-signed-certificate-as-a-trusted-root-ca-in/ba-p/396105
    but if the certificate is in the Personal store you can simply copy it from there to the Trusted Root CA store with CTRL+C and CTRL+V. This way the status of such a certificate will no longer be invalid, which means that WPM Recorder should no longer display the above navigation error page.
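
Added example, not part of any post in this thread: a PowerShell script that runs the three checks from the first reply (name match, dates, chain of trust) against an exported certificate and imports it into the Trusted Root CA store, as the last reply suggests, only when trust is the one remaining failure. The file path, host name and expected thumbprint are placeholders, and it assumes an elevated session on the machine where the recorder runs.

```powershell
# Added example. Path, host name and thumbprint are placeholders to replace.
param(
    [string]$CerPath            = 'C:\Temp\site.cer',
    [string]$HostName           = 'TotallyLegitService.Company.Local',
    [string]$ExpectedThumbprint = '<THUMBPRINT-CONFIRMED-WITH-SITE-OWNER>'
)

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
$now  = Get-Date

# DNS name carried by the certificate: a subject alternative name if present,
# otherwise the CN.
$dnsName = $cert.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

$report = [pscustomobject]@{
    Subject      = $cert.Subject
    Thumbprint   = $cert.Thumbprint
    CertName     = $dnsName
    NameMatches  = $HostName -like $dnsName      # loose check; also accepts a wildcard name
    DatesValid   = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    SelfSigned   = $cert.Subject -eq $cert.Issuer
    ChainTrusted = $cert.Verify()                # builds the chain against the local stores
}
$report | Format-List

# A name mismatch is a hosts-file or URL problem; an expired certificate needs
# reissuing. Trusting the certificate fixes neither, so stop here.
if (-not $report.NameMatches) { throw "Name mismatch: browse to '$dnsName' or fix the hosts entry." }
if (-not $report.DatesValid)  { throw "Certificate is outside its validity dates; it needs replacing." }
if ($report.ChainTrusted)     { 'Certificate already chains to a trusted root.'; return }

# Only trust a certificate whose thumbprint was confirmed out of band.
if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
    throw "Thumbprint $($cert.Thumbprint) does not match the expected value; not importing."
}

Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\Root
```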