We have a new SolarWinds NPM installation i HA, and we wish to enable SSL web certificate on the VIP IP. What are the steps to accomplish this? can´t seem to find any guides explaining this.
In a normal single node installation we would normally make the CSR from the IIS and import it once signed, and then it would work. but i´m not sure on how to do it in a HA setup.
Can anyone guide me in direction? or maybe have a guide.
Thanks in advance.
You shouldn't need to mess with IIS at all. Simply import the certificate using Windows Certificate Manager and then select the certificate Orion should use as part of the website section of the Configuration Wizard. Repeat this same step on the HA backup.
But to generate the certificate many of the vendors ask for a CSR file, is it any different in the above case, if yes can you please guide me further on this ?
I understand we can install the cert using Windows Cert Manager, but if an SSL cert needs to be generated dont we have to provide a CSR file ?
There are a variety of different ways to generate a CSR. IIS is obviously the easiest, but honestly it can be any IIS server. It doesn't need to be the Orion server if you don't want it to be. You can even generate these on your workstation.
Regardless of where/how you generate the CSR, the proper way of importing the Certificate into Orion once you have it, is through the Configuration Wizard. In an HA pair, that requires failing over to the secondary to run the Configuration Wizard. The alternative way without failing over is to import the certificate into the Windows certificate store directly. Note that you aren't generating two CSRs or handling two different certificates. You will be using the same certificate for both members in an HA pool. Certificates are bound to the virtual name, not individual servers.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.