To bind a certificate, follow the instructions below:

  1. Export a private key using KeyStore Explorer.
  2. Launch the KeyStore Explorer application as an Administrator.
  3. Open the keystore file used for the IDERA Dashboard. When prompted for a password, enter password, and click OK.
  4. Right-click on the keypair and select Export > Export Private Key.
  5. On the Export Private Key Type window, select OpenSSL, and click OK.
  6. On the Export Private Key as OpenSSL from Keystore Entry window, deselect the Encrypt option, update the Export File if needed, and click OK.

    Note

    Steps 6 - 9 can be performed on a different computer. These steps are related to the OpenSSL tool, which is not required to be installed on the server hosting the IDERA products.

  7. Install OpenSSL.
    Info

    You can find a few options available to obtain the software at https://wiki.openssl.org/index.php/Binaries.

  8. Once you complete the installation of OpenSSL, run the Command Prompt as Administrator.
  9. Change the directory to the bin folder within the installation directory of OpenSSL. Enter the following command:

    cd "C:\Program Files\OpenSSL-Win64\bin"
  10. Use the following command as an example to generate the PFX key using the private key and certificate that were previously created.

    openssl pkcs12 -export -out <file path to the new personal information exchange file>.pfx -inkey <file path to private key>.key -in <file path to certificate>.cer

    You need the private key generated in the previous step and the CER certificate created in Resolving the certificate error message.

    Execute the command, and when prompted for a password, enter password for both the export password and the verification password. You will be able to see the newly created PFX key.

    Import the generated PFX certificate in the Personal folder under the Certificate store.

    Note

    The following steps must be performed on the server hosting the IDERA Dashboard and the IDERA SQL Inventory Manager.

  11. Open the Microsoft Management Console (MMC) and load the Certificates snap-in.
    a. Select Run from the Start menu, enter mmc, and click OK.
    b. On the MMC window, from the File menu, select Add/Remove Snap-in. The Add or Remove Snap-in window displays.
    c. From the Available snap-ins list, choose Certificates, then select Add.
    d. In the Certificate snap-in window, select Computer Account, and click Next.
    e. In the Select Computer window, leave Local computer selected, and click Finish.
    f. In the Add or Remove Snap-in window, select OK.

  12. Expand Certificates and locate the Personal folder.
  13. Right-click on the Personal folder and select All Tasks > Import.

  14. Use the Certificate Import Wizard to import the PFX file that was previously created.
  15. Retrieve the thumbprint of the imported PFX key. For information on how to do this, refer to Retrieving a Thumbprint.
    a. Double-click on the imported PFX key.
    b. On the Certificate window, go to the Details tab.
    c. Scroll through the list of fields and click Thumbprint.
    d. Copy the hexadecimal characters from the box. If this thumbprint is used in code for the x509FindType, remove the spaces between the hexadecimal numbers.

    Note

    To find the GUID for the IDERA SQL Inventory Manager software, follow the steps here: https://4sysops.com/archives/find-the-product-guid-of-installed-software-with-powershell/

  16. Run the Command Prompt as an Administrator and delete existing bindings to the IDERA SQL Inventory Manager REST Service port 9276 by executing the following command:

    netsh http delete sslcert ipport=0.0.0.0:9276
  17. Run the Command Prompt as an Administrator and add a new binding for Inventory Manager 2.6 that uses the new PFX key, with the command below:

    netsh http add sslcert ipport=0.0.0.0:9276 certhash=<thumbprint of the PFX key (with spaces removed)> appid=<random GUID> clientcertnegotiation=enable
  18. You may create a BAT file to run on startup of Windows to make sure the certificate is applied when the server starts up, if the service is restarted. The content of the BAT file is the following:

    REM Start the REST service, wait 10 seconds, then bind the certificate to port 9276.
    NET START SQLInventoryManagerRestService
    TIMEOUT /T 10
    netsh http add sslcert ipport=0.0.0.0:9276 certhash=<thumbprint of the PFX key (with spaces removed)> appid=<random GUID>

    Configure the service to have a Manual startup so the BAT file will start the service.
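
A check for the binding procedure above, as an added PowerShell example that is not part of the original IDERA page: it normalizes the copied thumbprint, confirms the certificate is in the local computer's Personal store with its private key, and compares it with the hash currently bound to port 9276. The function names are hypothetical, and the parsing assumes English-language netsh output.

```powershell
# Added example; function names are hypothetical, not from the IDERA documentation.
function ConvertTo-CertHash {
    param([Parameter(Mandatory)][string]$Text)
    # Keep only hex digits: removes the spaces and any invisible character
    # that can come along when copying from the Certificate window.
    $hex = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($hex.Length)."
    }
    $hex
}

function Test-HttpSslBinding {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$IpPort = '0.0.0.0:9276'
    )
    $hash = ConvertTo-CertHash -Text $Thumbprint

    # The PFX import must have placed the certificate, with its private key,
    # in the local computer's Personal store (Cert:\LocalMachine\My).
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $hash }
    if (-not $cert) { throw "Certificate $hash not found in LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key." }

    # Read the binding back; assumes English-language netsh output.
    $out = & netsh http show sslcert "ipport=$IpPort"
    $line = $out | Select-String -Pattern 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)' |
        Select-Object -First 1
    if (-not $line) { throw "No SSL certificate binding found for $IpPort." }
    $bound = $line.Matches[0].Groups[1].Value.ToUpperInvariant()

    [pscustomobject]@{
        IpPort   = $IpPort
        Expected = $hash
        Bound    = $bound
        Match    = ($bound -eq $hash)
        NotAfter = $cert.NotAfter
    }
}

# Run in PowerShell on the server hosting the service, for example:
# Test-HttpSslBinding -Thumbprint '<thumbprint copied from the Details tab>'
```

A result with Match set to False means the port is still bound to a different certificate than the one imported.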


To add a certificate to the Trusted Root Certification Authorities store in Windows, refer to Manage Trusted Root Certificates.
