Documentation forPatch Manager

Server certificates

Patch Manager uses a 2048-bit security certificate to encrypt all communications between Patch Manager servers and the console sessions.

A single SolarWinds Patch Manager server includes at least two certificates:

  • Certificate installed on the Primary Application Server (PAS) for the certificate authority (CA)
  • Certificate for each server installation (which includes the PAS)

When Patch Manager revokes a certificate, it indicates this action at the beginning of the certificate name. This process occurs when you replace a certificate or uninstall a Patch Manager server. In these cases, you can delete the revoked certificate.

Certificate types

Patch Manager employs two types of certificates: Code-signing and SSL certificates.

Code-signing certificate

This certificate authenticates the identify of a software publisher, providing confidence that a signed piece of software has not been tampered with or altered in any way.

When installed, the certificate applies a digital signature and hashing to verify the integrity of the software package. The certificate can be a self-signed certificate or a certificate generated by a Certificate Authority (CA).

SSL certificates

This certificate establishes a secure HTTPS connection to a website. For example, Patch Manager requires this certificate to establish a secure connection between the Patch Manager server and the Windows Server Update Services (WSUS) server.

See SolarWinds Port Requirements for a list of supported ports.

Delete a Patch Manager certificate

  1. Log in to the Patch Manager Admin Console as an administrator.

  2. In the navigation pane, expand Patch Manager Server System Configuration and select Security and User Management.

  3. In the center pane, click the Server Certificates tab.

  4. Select the certificate you want to delete.
  5. In the Actions pane, click Delete.

  6. When prompted, click Yes.

    The certificate is deleted.

Deploy a Patch Manager certificate using Group Policy

You can deploy a certificate to multiple computers by using the Active Directory Domain Services and Group Policy Object (GPO). This procedure is useful each time a certificate needs to be pushed to clients. For example, you can use this procedure to push a WSUS self-signed or CA-signed certificate to all of your clients before they can trust the published third party packages.

See Deploy certificates using Group policy for details.