Create a self-signed certificate
SolarWinds offers a PowerShell script to create a self-signed certificate suitable for AppInsight for Exchange. This can be found at: Self-signed Certificate PowerShell script for AppInsight for Exchange. If you choose not to download this script, you can create your own self-signed certificate with the following instructions and code:
- To create a self-signed certificate using PowerShell and CertEnroll, open PowerShell in the Run as Administrator context.
- Enter the following code:
-
Configure AppInsight for Exchange by clicking Configure Server.
The CN (Subject) should be in the following format:
"<IP Address of Server>_Solarwinds_Exchange_Zero_Configuration"
For Example:"10.199.15.106_Solarwinds_Exchange_Zero_Configuration"
$name = new-object -com "X509Enrollment.CX500DistinguishedName.1" $name.Encode("CN=TestServer", 0) $key = new-object -com "X509Enrollment.CX509PrivateKey.1" $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider" $key.KeySpec = 1 $key.Length = 1024 $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" $key.MachineContext = 1 $key.Create() $serverauthoid = new-object -com "X509Enrollment.CObjectId.1" $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") $ekuoids = new-object -com "X509Enrollment.CObjectIds.1" $ekuoids.add($serverauthoid) $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" $ekuext.InitializeEncode($ekuoids) $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1" $cert.InitializeFromPrivateKey(2, $key, "") $cert.Subject = $name $cert.Issuer = $cert.Subject $cert.NotBefore = get-date $cert.NotAfter = $cert.NotBefore.AddDays(3650) $cert.X509Extensions.Add($ekuext) $cert.Encode() $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1" $enrollment.InitializeFromRequest($cert) $certdata = $enrollment.CreateRequest(0) $enrollment.InstallResponse(2, $certdata, 0, "")