Certificate management
On this page
Introduction
SolarWinds Service Desk (SWSD) certificate management supports multiple types of certificates: wildcard, single domain, and multi-domain.
(SWSD) Enterprise Service Management (ESM) supports multiple service providers and their unique sub-domains. As a result, it also supports multiple certificates. You must have the certificates necessary to cover all service providers before you can create a service provider account.
Navigation
ITSM customers | ESM customers |
---|---|
Setup > Account > Certificate Management | Organization > Setup > Account > Certificate Management |
Before you begin
Be aware:
SSL certificates. If you are using your own domain, the sub-domain must be covered by an SSL certificate and uploaded.
Multiple certificates. You cannot have multiple published certificates with the same CNAME. That is, you can have only one certificate to cover a single host. For example, if you are using *mycompany.com, that certificate also covers it.mycompany.com.
Limitation per certificate. A single certificate can have up to 100 hosts.
Access limitations.
-
Only one administrator at a time can make changes in Certificate Management until that person clicks Reset or Publish.
-
The Certificate Management section is locked while it is publishing.
Publishing. All actions are only candidates for publication until you click Publish.
Renewing certificates. If you are renewing a certificate, SolarWinds recommends:
-
The publishing process may take up to 48 hours so, it is important to get a replacement certificate and upload/publish it before your old one expires. When you get your new certificate, ensure the dates overlap a couple days or weeks so you can swap them early to avoid outages.
-
Do not delete the old certificate without following the instructions in Step 3: Publish a new/renewed certificate.
Certificates management index page
The Certificates management page provides two types of information. Select the appropriate tab to switch between them.
The Certificates tab
The Certificates tab provides a list of all your certificates. This includes those currently in use on your production environment and those you have uploaded as candidates for publishing and deleting.
Actions you can perform
The buttons available on the Certificates tab are:
-
Upload. Prepare your certificate for upload with private key RSA2048. The Upload button adds your new certificate to the list of candidates for upload and sets the state to Pending Upload.
-
Reset. Undo all pending changes; reset the index to its previous state. For example, if you delete a certificate and its state changes to Pending Delete, you could then change it back to its previous state by clicking Reset.
-
Publish. Publish all changes with a pending state.
Certificate states
Certificates listed in the Certificates tab each have one of the states below. They are all candidates for publication, meaning that when you click the Publish button SWSD will perform the pending action for all entries in the list.
State | Description |
---|---|
Verified | The certificate is deployed to the firewall and is verified/validated. |
Not Verified | The certificate is deployed to the firewall. Although it could not be verified/validated, it can still be used. |
Pending Upload | Indicates that the upload of your certificate is pending until the next publish. |
Pending Delete | Indicates that the deletion of your certificate is pending until the next publish. |
The Certificate Requests tab
The Certificate Requests tab is where you generate a certificate signing requests (CSR). Alternatively, you can use any tool you want and then upload your certificate through the Certificates tab.
Advance notice of expiring certificates
Administrators see a blue banner at the top of every page they visit in SWSD when a certificate is about to expire. The banner displays the first time 45 days before the certificate expiration date and remains until the updated certificate is published.
In addition to an email notification sent to administrators announcing the upcoming expiration, the banner notice can help you prevent your account from becoming unexpectedly blocked or unavailable due to an expired certificate. See Steps for publishing certificates.
Steps for publishing certificates
Step 1: Generate a certificate request
-
From the Certificates management index page, select the Certificate Requests tab.
-
Click Request CSR.
-
Select the appropriate type of request: Single domain or Multiple domains.
-
Provide the information for your organization.
-
Click Generate CSR.
The information for your Certificate Request displays.
-
Copy the Certificate Request information and provide it to your certificate authority.
-
Click Close.
The certificate request displays on the Certificate Request tab until you attach your SSL certificate. (See Step 2: Upload a signed SSL certificate.)
Step 2: Upload a signed SSL certificate
After receiving your signed SSL certificate, you need to upload it.
To upload a new certificate:
-
From the Certificates management index page, select the Certificate Requests tab.
-
Select the relevant Certificate request and click Attach Certificate.
-
Either copy/paste your key and certificate information or drag & drop the certificate file.
-
Click Update.
You are redirected to the Certificates tab, where you can see the status of your certificate as Upload Pending.
Step 3: Publish a new/renewed certificate
For a new or renewed certificate to be deployed to the firewall, its state on the Certificates tab must first be Pending Upload. An expired certificate must be deleted to show Delete Pending before you can publish its renewed version.
To publish:
-
From the Certificates management index page, select the Certificates tab.
-
Review the list of certificates and notice those with a pending state. See Certificate states.
If you have renewed a certificate, be aware that you cannot have multiple published certificates with the same CNAME.
You also need follow the instructions below to set the old one to Pending Delete, and then upload the new one and publish it.To set a certificate to Pending Delete, in the Actions column, click the ellipsis to the right of the selected certificate and select Delete.
Non-ESM customers do not see the column named Service Provider Name.The state changes to Pending Delete.
-
Click Publish.
When you click Publish, SWSD performs all actions identified as pending on the Certificates tab. For example, after your expired certificate shows as Pending Delete and your renewed certificate shows as Pending Upload, when you click Publish the expired certificate is removed from the firewall and the renewed certificate is published.