Installing new SSL certificate on SCOM 2012 R2




1- Create a setup information file for use with the CertReq command-line utility

Create a setup information file named "RequestConfig.inf" to use for the certificate request:

[NewRequest]
Subject="CN=<FQDN of the computer you are creating the certificate for, for example, the gateway server or management server>"
Exportable=TRUE
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
; Add additional OIDs here

An OID is a numeric value that identifies the application or service for which a certificate is used and is automatically attached to a certificate when it is created by a certificate authority (CA). For example, certificates used for client authentication use the OID 1.3.6.1.5.5.7.3.2.

To view OIDs:
Run | mmc | add the Certificates snap-in | Personal | Certificates
Select the current certificate | right-click and click Properties
(You can also right-click and choose Open)
Details | Enhanced Key Usage

Here is what you will see:

Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)
IP security IKE intermediate (1.3.6.1.5.5.8.2.2)
Unknown Key Usage (1.3.6.1.5.5.7.3.17)

2- Create a certificate request from the .inf file

CertReq -New -f RequestConfig.inf CertRequest.req


Once you receive the certificate, save it as a .p7b file.


3- To install the certificate, run the following command:

certreq -accept cert.p7b
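
Before importing the certificate into SCOM, it is worth confirming that what was installed matches the request file. The PowerShell check below is an added example, not part of the original post; it assumes the certificate was installed into the local computer's Personal store (Cert:\LocalMachine\My) and that the subject CN is this host's FQDN as resolved by DNS.

```powershell
# Added example (not from the original post): pre-flight check of the installed
# certificate against the values in RequestConfig.inf, before running MOMCertImport.
# Assumption: the certificate is in the local computer's Personal store.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName  # assumed to equal the subject CN
$requiredEku = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}
$now = Get-Date

$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match "CN=$([regex]::Escape($fqdn))(,|$)" })

if ($candidates.Count -eq 0) {
    Write-Warning "No certificate with subject CN=$fqdn found in Cert:\LocalMachine\My"
    return
}

foreach ($cert in $candidates) {
    $problems = @()

    # The certificate must have its private key on this machine.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }

    # Flag certificates that are outside their validity window.
    if ($now -lt $cert.NotBefore) { $problems += "not valid until $($cert.NotBefore)" }
    if ($now -gt $cert.NotAfter)  { $problems += "expired on $($cert.NotAfter)" }

    # Both EKU OIDs from the [EnhancedKeyUsageExtension] section must be present.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    foreach ($oid in $requiredEku.Keys) {
        if ($ekuOids -notcontains $oid) { $problems += "missing EKU $($requiredEku[$oid]) ($oid)" }
    }

    # KeyLength=2048 was requested in the .inf file; flag anything smaller.
    if ($cert.PublicKey.Key.KeySize -lt 2048) { $problems += 'key shorter than 2048 bits' }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = if ($problems.Count -eq 0) { 'OK' } else { $problems -join '; ' }
    }
}
```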


4- Import the certificate for SCOM to utilize
The SCOM certificates are stored here:
Run | mmc | add the Certificates snap-in

Expand Operations Manager | Certificates.

You must delete the expired certificate first.

If you do not find the SupportTools folder in SCOM's directory below
%Drive%\Program Files\Microsoft System Center 2012 R2\Operations Manager\
you can copy it from the installation media and then use the MOMCertImport.exe within it.

Navigate to the following folder and run the MOMCertImport.exe command:
%Drive%\Program Files\Microsoft System Center 2012 R2\Operations Manager\SupportTools\AMD64
MOMCertImport /SubjectName %computername%


SCOM generates a certificate for one year
