Posted on by Robin Clarke

Add a Microsoft CA Signed Certificate to PRTG

This post will run through the steps needed to add an SSL certificate to your PRTG server from a Windows Certificate Authority or CA

1. Download open SSL from here.

2. Use the below as your template for the certificate, changing the DNS names to match your systems:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:monitoring, IP:10.10.36.10, DNS: monitoring.domain.com, 

[ req_distinguished_name ]
countryName = UK
stateOrProvinceName = London
localityName = London
0.organizationName = Company
organizationalUnitName = Company
commonName = monitoring.domain.com

 

3. Paste the above into the C:\OpenSSL-Win32\bin\openssl.cfg file (after removing the existing contents).

4. Run the below to create a certificate request from the information you gave above and create a key file:

openssl req -new -nodes -out rui.csr -keyout rui-orig.key -config openssl.cfg

 

5. Convert to RSA with this command:

openssl rsa -in rui-orig.key -out rui.key

 

6. Go to the Microsoft CA and open a command prompt. Put the rui.csr file in a folder you can access on the CA server.

Run the following command:

certreq -submit -attrib "CertificateTemplate:WebServer" rui.csr

 

7. Select the CA:

Add an SSL Certificate to a VMWare vCenter Virtual appliance VCSA using a Windows CA-12

8. Save the certificate as rui.cert

Add an SSL Certificate to a VMWare vCenter Virtual appliance VCSA using a Windows CA-27

9. Open the local computer certificate store by clicking start and typing certlm.msc

10. Export the CA root certificate as Base-64 from the Trusted Root

Add a Microsoft CA Signed Certificate to PRTG

To do this:

Right-click the certificate to export and select All Tasks > Export.
Select options in the Certificate Export Wizard.
Select Base-64 encoded X.509 (.CER) for the file export format.
Provide a location to save the certificate and save as .pem file
Review the settings you selected and click Finish.
The certificate file is saved to the location you indicated.

So now you have :
.cer from CA
.pem from root export
.key from OpenSSL earlier

Add a Microsoft CA Signed Certificate to PRTG-2

Download and run the PRTG certificate importer and select these files.  The PRTG service will restart and the new certificate is installed

Add a Microsoft CA Signed Certificate to PRTG-3

Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *