Hi Bruce
I get the following error message after copying the new cert and trying to start the IIS Express service:
“Error 1067: The process terminated unexpectedly”
Any idea? our lansweper version is: 7.1.50.1
I get the following error message after copying the new cert and trying to start the IIS Express service:
“Error 1067: The process terminated unexpectedly”
Any idea? our lansweper version is: 7.1.50.1
Bruce Garoutte wrote:
First you will need to install OpenSSL
1. To create the self-signed SSL certificate first you need to install the OpenSSL application in your windows system. You can download the application from here, https://slproweb.com/products/Win32OpenSSL.html. Be sure to get the full version, not the light one. The light version was missing at least one file necessary to complete this task. Install the software into the default “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.
2. After completing the installation open an administrative command prompt.
Create a directory to store the Certs in, I used “C:\Temp\Lansweeper\SSLCert”, then change to that directory and make a couple of set statements.
>md C:\Temp\Lansweeper\SSLCert
> cd /D C:\Temp\Lansweeper\SSLCert
> set RANDFILE= C:\Temp\Lansweeper\SSLCert\.rnd
> set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
3. Now launch the openssl.exe by running the command below.
> “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”
Be sure to wrap the command in double quotes (“”).
4. Create the key file for your CA certificate
> genrsa -out can.key 2048
5. Now create the root CA certificate using the key file.
> req -new -x509 -days 1826 -key can.key -out canew.crt
It will ask for some details like Country Name, Sate, City, Organization Name Server FQDN name. FQDN name should be the server name followed by your domain, i.e. ServerName.DomainName.com.
6. Next, generate the public key for your application SSL certificate.
>genrsa -out ianew.key 2048
7. Now create a CSR with the newly created public key “ianew.key”
> req -new -key ianew.key -out ianew.csr
(IF running this line generates the error message about “problem creating object tsa_policy1=”, then you need to REM out the first three “tsa” lines in the “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg” file, and re-run the command.)
It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be the name of your Lansweeper plus your domain name. this is the same as you used in Step 5 above. It will also require a challenge password.
8. It is now time to sign the csr certificate with your root CA certificate which you created in step no 2.
> x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt
9. Create the replacement LansweeperWebsite.pfx certification file from the ianew.crt file you just created.
> pkcs12 -export -out LansweeperWebsite.pfx -inkey ianew.key -in ianew.crt
You will be prompted for the Export Password. Use the same one you used previously.
Now your self-sign certificate is ready. You can find it in the “C:\Temp\Lansweeper\SSLCert” folder that you created in step 2 above.
10. For implementation on your Lansweeper server, Log into your server and stop the IISExpress service.
Navigate to the C:\Program Files (x86)\Lansweeper\IISexpress\Certificate directory, and rename the original certificate from LansweeperWebsite.pfx to LansweeperWebsite.pfx.old.
Copy the LansweeperWebsite.pfx certificate that you created in step 9. above to C:\ Program Files (x86)\Lansweeper\IISexpress\Certificate directory on your Lansweeper server.
Restart the IISExpress service, and test to ensure that users are not receiving a certificate error.
