Install an SSL certificate in ipMonitor
To avoid sending passwords and configuration information over the network in clear text, install a Secure Socket Layer (SSL) certificate.
SSL allows you to securely log in to the ipMonitor web interface from anywhere on the network or Internet and safely exchange account credentials, network paths, machine names and other sensitive information.
You can use ipMonitor without an SSL certificate. However, some features (such as the Credentials Manager) will not be fully enabled unless you are connecting from the ipMonitor host computer. SolarWinds recommends using the ipMonitor Self-Signed Certificate option as a minimum requirement.
ipMonitor is a stand-alone HTTP server. It does not integrate into or require other web server services such as Microsoft Internet Information Services (IIS).
Certificate types must be server certificates that are installed to the Local Machine Store.
Obtain an SSL certificate
Install SSL certificates on the ipMonitor host computer in the Local Machine Store. After the certificate is installed, configure at least one secure IP address and port combination for HTTPS communications.
ipMonitor supports three types of SSL certificates:
- Self-signed certificates
- Trusted Certificate Authority
- Microsoft Certificate Authority
ipMonitor requires one or more assigned IP address and port combinations to enable communication through the HTTP and HTTPS protocols. These are the protocols you use to log in and administrate ipMonitor.
To configure a secure HTTPS interface for ipMonitor:
- Click the Start menu and navigate to SolarWinds ipMonitor > Configure ipMonitor.
In the ipMonitor Configuration Program menu, click Communications: Web Server Ports.
- In the Communications Settings, click Add.
Complete the Add Web Server Port dialog box.
- Select an IP address that is not used by any other application or enter 0.0.0.0 to enable ipMonitor to listen on all available IP addresses.
Enter a port number and select the Enable SSL check box.
Port 443 is the default port number for HTTPS communications.
If additional HTTP services are installed on the server hosting ipMonitor, verify that their IP address and port settings do not conflict with your ipMontor Port settings.
Select the Enable SSL checkbox.
This requires an SSL server certificate to be assigned to your ipMonitor deployment.
ipMonitor begins listening on the new SSL IP address and your selected port.
- Click OK.
When you install ipMonitor for the first time, the application prompts you to automatically generate a self-signed certificate. You can change this selection at any time by using the ipMonitor Configuration program.
Self-signed certificates are economical because they are free. However, self-signed certificates installed by ipMonitor do not include a Trusted Authority that issues and verifies the certificate. As a result, you must instruct your web browser to trust the self-signed certificate installed by ipMonitor.
Trusted Certificate Authority
ipMonitor provides the tools to generate a Certificate Signing Request (CSR) and install a certificate after it is acquired from a Trusted Certificate Authority. Certificates issued by VeriSign, FreeSSL, and InstantSSL are tested and work well with ipMonitor. Prices vary from under a hundred dollars to a few hundred dollars based on the organization. Contact the Trusted Certificate Authority for details and pricing.
Microsoft Certificate Authority
You can request a certificate from a Stand-Alone Certificate Authority using the Microsoft Windows Certificate Services web interface.
Networks that use a Stand-Alone Certificate Authority server require you to submit certificate requests using the web interface provided by the Certificate Authority server. Certificate requests may have to be approved prior to installation. You can obtain policy information from your Network Administrator.
You can request a certificate from an enterprise certification authority using the Microsoft Management Console (MMC) Certificates snap-in. This depends on whether a Certificate Authority server exists in Active Directory. If a Certificate Authority server exists in Active Directory, generate certificate requests from the ipMonitor host computer using the MMC.