4 Replies Latest reply on Jun 10, 2009 1:50 PM by bshopp

    SSL Certificates

      Currently our Orion web site is set to accept client certificates. We need to be able to move this up a level so the site requires a valid client certificate which is currently not supported. Can this functionality be added ?

      This was the response to our support request ---------------

      I got onto the DEV Team and found out that there is not a way for
      our site to "Require Certificate".

      The current Orion website architecture does not directly support requiring client certificates. The asp.net site must make http requests to the asp site and it has no mechanism for propagating client certificates.

      If IIS is configured to require client certificates, these local requests to the
      asp site will be rejected.
        • Re: SSL Certificates

          I'm working with a DoD Client who also Requires client certificates and must Enable certificate trust list in IIS Properties.  With the move to .NET in v9.5 has this been resolved?  I didn't notice anything in the Release notes.  Thanks!


            • Re: SSL Certificates

              It should work fine with Orion NPM 9.5, except for Report Scheduler.

              There’s a workaround: set up two IIS websites pointing to the same \Inetpub\SolarWinds directory. One for localhost only that does not require client certificates for use by Report Scheduler running locally, and a second website bound to the server’s public IP that does require client certificates.

                • Re: SSL Certificates


                  On a related note, I'm looking for the SW site to automatically redirect people to SSL.  I don't want anyone on my website using straight http.

                  My current workaround is to create a .ASP redirect page, and do a little trickery with the IIS configuration.  I'd like SW to include this as an option so I can just hit a checkbox in the configuration and restart the website.  The problem with my workaround is that it breaks software updates, and I have to disable it, and re-do it every time I update the software.

                  This is small in terms of development, yet big in terms of functionality.