cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Solarwind NPM in HA Web Certificate steps

Hi all.

We have a new SolarWinds NPM installation i HA, and we wish to enable SSL web certificate on the VIP IP. What are the steps to accomplish this? can´t seem to find any guides explaining this.

In a normal single node installation we would normally make the CSR from the IIS and import it once signed, and then it would work. but i´m not sure on how to do it in a HA setup.

Can anyone guide me in direction? or maybe have a guide.

Thanks in advance.

0 Kudos
4 Replies
Product Manager
Product Manager

You shouldn't need to mess with IIS at all. Simply import the certificate using Windows Certificate Manager and then select the certificate Orion should use as part of the website section of the Configuration Wizard. Repeat this same step on the HA backup. 

0 Kudos

Hi aLTeReGo

But to generate the certificate many of the vendors ask for a CSR file, is it any different in the above case, if yes can you please guide me further on this ?

I understand we can install the cert using Windows Cert Manager, but if an SSL cert needs to be generated dont we have to provide a CSR file ?

0 Kudos

There are a variety of different ways to generate a CSR. IIS is obviously the easiest, but honestly it can be any IIS server. It doesn't need to be the Orion server if you don't want it to be. You can even generate these on your workstation.

Regardless of where/how you generate the CSR, the proper way of importing the Certificate into Orion once you have it, is through the Configuration Wizard. In an HA pair, that requires failing over to the secondary to run the Configuration Wizard. The alternative way without failing over is to import the certificate into the Windows certificate store directly. Note that you aren't generating two CSRs or handling two different certificates. You will be using the same certificate for both members in an HA pool. Certificates are bound to the virtual name, not individual servers.

Thank you aLTeReGo, we had discussed this few years ago but couldn't find the thread, that's the reason i thought I would check with you once again, thanks a ton.

0 Kudos