cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Bruce_Garoutte
Engaged Sweeper II
First you will need to install OpenSSL

1. To create the self-signed SSL certificate first you need to install the OpenSSL application in your windows system. You can download the application from here, https://slproweb.com/products/Win32OpenSSL.html. Be sure to get the full version, not the light one. The light version was missing at least one file necessary to complete this task. Install the software into the default “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.

2. After completing the installation open an administrative command prompt.
Create a directory to store the Certs in, I used “C:\Temp\Lansweeper\SSLCert”, then change to that directory and make a couple of set statements.

>md C:\Temp\Lansweeper\SSLCert
> cd /D C:\Temp\Lansweeper\SSLCert
> set RANDFILE= C:\Temp\Lansweeper\SSLCert\.rnd
> set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg


3. Now launch the openssl.exe by running the command below.

> “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”

Be sure to wrap the command in double quotes (“”).

4. Create the key file for your CA certificate

> genrsa -out can.key 2048

5. Now create the root CA certificate using the key file.

> req -new -x509 -days 1826 -key can.key -out canew.crt

It will ask for some details like Country Name, Sate, City, Organization Name Server FQDN name. FQDN name should be the server name followed by your domain, i.e. ServerName.DomainName.com.

6. Next, generate the public key for your application SSL certificate.

>genrsa -out ianew.key 2048

7. Now create a CSR with the newly created public key “ianew.key”

> req -new -key ianew.key -out ianew.csr

(IF running this line generates the error message about “problem creating object tsa_policy1=”, then you need to REM out the first three “tsa” lines in the “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg” file, and re-run the command.)

It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be the name of your Lansweeper plus your domain name. this is the same as you used in Step 5 above. It will also require a challenge password.

8. It is now time to sign the csr certificate with your root CA certificate which you created in step no 2.

> x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt


9. Create the replacement LansweeperWebsite.pfx certification file from the ianew.crt file you just created.

> pkcs12 -export -out LansweeperWebsite.pfx -inkey ianew.key -in ianew.crt

You will be prompted for the Export Password. Use the same one you used previously.
Now your self-sign certificate is ready. You can find it in the “C:\Temp\Lansweeper\SSLCert” folder that you created in step 2 above.

10. For implementation on your Lansweeper server, Log into your server and stop the IISExpress service.
Navigate to the C:\Program Files (x86)\Lansweeper\IISexpress\Certificate directory, and rename the original certificate from LansweeperWebsite.pfx to LansweeperWebsite.pfx.old.
Copy the LansweeperWebsite.pfx certificate that you created in step 9. above to C:\ Program Files (x86)\Lansweeper\IISexpress\Certificate directory on your Lansweeper server.
Restart the IISExpress service, and test to ensure that users are not receiving a certificate error.



2 REPLIES 2
WallNY
Engaged Sweeper
I had the same issue after switching the certificate, I received the Error 1067 message when trying to re-start the service. To fix the issue:
* Stop the IIS Express service
* Import the new certificate created with OpenSSL to your Trusted Root Certificate store, I used IE.
* Review the certificate you imported and copy the thumbprint from the Details tab to notepad. Delete any spaces in the thumbprint in Notepad.
* In Notepad open up the IISExpressSvc.exe.config.
* Change UseCustomSSLCertificate value from 0 to 1
* Copy/paste the thumbprint information between the double quotes for CertificateThumbPrint
* Save the file
* Start the IIS Express service and you shouldn't get the error.
PTWIT
Engaged Sweeper II
Hi Bruce

I get the following error message after copying the new cert and trying to start the IIS Express service:

“Error 1067: The process terminated unexpectedly”

IIS Error

Any idea? our lansweper version is: 7.1.50.1

Bruce Garoutte wrote:
First you will need to install OpenSSL

1. To create the self-signed SSL certificate first you need to install the OpenSSL application in your windows system. You can download the application from here, https://slproweb.com/products/Win32OpenSSL.html. Be sure to get the full version, not the light one. The light version was missing at least one file necessary to complete this task. Install the software into the default “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.

2. After completing the installation open an administrative command prompt.
Create a directory to store the Certs in, I used “C:\Temp\Lansweeper\SSLCert”, then change to that directory and make a couple of set statements.

>md C:\Temp\Lansweeper\SSLCert
> cd /D C:\Temp\Lansweeper\SSLCert
> set RANDFILE= C:\Temp\Lansweeper\SSLCert\.rnd
> set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg


3. Now launch the openssl.exe by running the command below.

> “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”

Be sure to wrap the command in double quotes (“”).

4. Create the key file for your CA certificate

> genrsa -out can.key 2048

5. Now create the root CA certificate using the key file.

> req -new -x509 -days 1826 -key can.key -out canew.crt

It will ask for some details like Country Name, Sate, City, Organization Name Server FQDN name. FQDN name should be the server name followed by your domain, i.e. ServerName.DomainName.com.

6. Next, generate the public key for your application SSL certificate.

>genrsa -out ianew.key 2048

7. Now create a CSR with the newly created public key “ianew.key”

> req -new -key ianew.key -out ianew.csr

(IF running this line generates the error message about “problem creating object tsa_policy1=”, then you need to REM out the first three “tsa” lines in the “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg” file, and re-run the command.)

It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be the name of your Lansweeper plus your domain name. this is the same as you used in Step 5 above. It will also require a challenge password.

8. It is now time to sign the csr certificate with your root CA certificate which you created in step no 2.

> x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt


9. Create the replacement LansweeperWebsite.pfx certification file from the ianew.crt file you just created.

> pkcs12 -export -out LansweeperWebsite.pfx -inkey ianew.key -in ianew.crt

You will be prompted for the Export Password. Use the same one you used previously.
Now your self-sign certificate is ready. You can find it in the “C:\Temp\Lansweeper\SSLCert” folder that you created in step 2 above.

10. For implementation on your Lansweeper server, Log into your server and stop the IISExpress service.
Navigate to the C:\Program Files (x86)\Lansweeper\IISexpress\Certificate directory, and rename the original certificate from LansweeperWebsite.pfx to LansweeperWebsite.pfx.old.
Copy the LansweeperWebsite.pfx certificate that you created in step 9. above to C:\ Program Files (x86)\Lansweeper\IISexpress\Certificate directory on your Lansweeper server.
Restart the IISExpress service, and test to ensure that users are not receiving a certificate error.