Notification

Icon
Error

SSL certificate for Lansweeper. - How To Create a self-signed SSL certificate for Lansweeper on a Windows system using OpenSSL

Posted: Tuesday, January 29, 2019 6:34:59 PM(UTC)
Bruce Garoutte

Bruce Garoutte

Member Original PosterPosts: 4
1
Like
First you will need to install OpenSSL

1. To create the self-signed SSL certificate first you need to install the OpenSSL application in your windows system. You can download the application from here, https://slproweb.com/products/Win32OpenSSL.html. Be sure to get the full version, not the light one. The light version was missing at least one file necessary to complete this task. Install the software into the default “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.

2. After completing the installation open an administrative command prompt.
Create a directory to store the Certs in, I used “C:\Temp\Lansweeper\SSLCert”, then change to that directory and make a couple of set statements.

>md C:\Temp\Lansweeper\SSLCert
> cd /D C:\Temp\Lansweeper\SSLCert
> set RANDFILE= C:\Temp\Lansweeper\SSLCert\.rnd
> set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg


3. Now launch the openssl.exe by running the command below.

> “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”

Be sure to wrap the command in double quotes (“”).

4. Create the key file for your CA certificate

> genrsa -out can.key 2048

5. Now create the root CA certificate using the key file.

> req -new -x509 -days 1826 -key can.key -out canew.crt

It will ask for some details like Country Name, Sate, City, Organization Name Server FQDN name. FQDN name should be the server name followed by your domain, i.e. ServerName.DomainName.com.

6. Next, generate the public key for your application SSL certificate.

>genrsa -out ianew.key 2048

7. Now create a CSR with the newly created public key “ianew.key”

> req -new -key ianew.key -out ianew.csr

(IF running this line generates the error message about “problem creating object tsa_policy1=”, then you need to REM out the first three “tsa” lines in the “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg” file, and re-run the command.)

It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be the name of your Lansweeper plus your domain name. this is the same as you used in Step 5 above. It will also require a challenge password.

8. It is now time to sign the csr certificate with your root CA certificate which you created in step no 2.

> x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt


9. Create the replacement LansweeperWebsite.pfx certification file from the ianew.crt file you just created.

> pkcs12 -export -out LansweeperWebsite.pfx -inkey ianew.key -in ianew.crt

You will be prompted for the Export Password. Use the same one you used previously.
Now your self-sign certificate is ready. You can find it in the “C:\Temp\Lansweeper\SSLCert” folder that you created in step 2 above.

10. For implementation on your Lansweeper server, Log into your server and stop the IISExpress service.
Navigate to the C:\Program Files (x86)\Lansweeper\IISexpress\Certificate directory, and rename the original certificate from LansweeperWebsite.pfx to LansweeperWebsite.pfx.old.
Copy the LansweeperWebsite.pfx certificate that you created in step 9. above to C:\ Program Files (x86)\Lansweeper\IISexpress\Certificate directory on your Lansweeper server.
Restart the IISExpress service, and test to ensure that users are not receiving a certificate error.



PTWIT
#1PTWIT Member Posts: 3  
posted: 4/17/2019 3:31:15 AM(UTC)
Hi Bruce

I get the following error message after copying the new cert and trying to start the IIS Express service:

“Error 1067: The process terminated unexpectedly”

IIS Error

Any idea? our lansweper version is: 7.1.50.1

Originally Posted by: Bruce Garoutte Go to Quoted Post
First you will need to install OpenSSL

1. To create the self-signed SSL certificate first you need to install the OpenSSL application in your windows system. You can download the application from here, https://slproweb.com/products/Win32OpenSSL.html. Be sure to get the full version, not the light one. The light version was missing at least one file necessary to complete this task. Install the software into the default “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.

2. After completing the installation open an administrative command prompt.
Create a directory to store the Certs in, I used “C:\Temp\Lansweeper\SSLCert”, then change to that directory and make a couple of set statements.

>md C:\Temp\Lansweeper\SSLCert
> cd /D C:\Temp\Lansweeper\SSLCert
> set RANDFILE= C:\Temp\Lansweeper\SSLCert\.rnd
> set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg


3. Now launch the openssl.exe by running the command below.

> “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”

Be sure to wrap the command in double quotes (“”).

4. Create the key file for your CA certificate

> genrsa -out can.key 2048

5. Now create the root CA certificate using the key file.

> req -new -x509 -days 1826 -key can.key -out canew.crt

It will ask for some details like Country Name, Sate, City, Organization Name Server FQDN name. FQDN name should be the server name followed by your domain, i.e. ServerName.DomainName.com.

6. Next, generate the public key for your application SSL certificate.

>genrsa -out ianew.key 2048

7. Now create a CSR with the newly created public key “ianew.key”

> req -new -key ianew.key -out ianew.csr

(IF running this line generates the error message about “problem creating object tsa_policy1=”, then you need to REM out the first three “tsa” lines in the “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg” file, and re-run the command.)

It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be the name of your Lansweeper plus your domain name. this is the same as you used in Step 5 above. It will also require a challenge password.

8. It is now time to sign the csr certificate with your root CA certificate which you created in step no 2.

> x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt


9. Create the replacement LansweeperWebsite.pfx certification file from the ianew.crt file you just created.

> pkcs12 -export -out LansweeperWebsite.pfx -inkey ianew.key -in ianew.crt

You will be prompted for the Export Password. Use the same one you used previously.
Now your self-sign certificate is ready. You can find it in the “C:\Temp\Lansweeper\SSLCert” folder that you created in step 2 above.

10. For implementation on your Lansweeper server, Log into your server and stop the IISExpress service.
Navigate to the C:\Program Files (x86)\Lansweeper\IISexpress\Certificate directory, and rename the original certificate from LansweeperWebsite.pfx to LansweeperWebsite.pfx.old.
Copy the LansweeperWebsite.pfx certificate that you created in step 9. above to C:\ Program Files (x86)\Lansweeper\IISexpress\Certificate directory on your Lansweeper server.
Restart the IISExpress service, and test to ensure that users are not receiving a certificate error.





ChrisF
#2ChrisF Member Posts: 2  
posted: 9/12/2019 5:27:00 PM(UTC)
I had the same issue after switching the certificate, I received the Error 1067 message when trying to re-start the service. To fix the issue:
* Stop the IIS Express service
* Import the new certificate created with OpenSSL to your Trusted Root Certificate store, I used IE.
* Review the certificate you imported and copy the thumbprint from the Details tab to notepad. Delete any spaces in the thumbprint in Notepad.
* In Notepad open up the IISExpressSvc.exe.config.
* Change UseCustomSSLCertificate value from 0 to 1
* Copy/paste the thumbprint information between the double quotes for CertificateThumbPrint
* Save the file
* Start the IIS Express service and you shouldn't get the error.

Active Discussions

Lansweeper Lansweeper custom report
by  Hendrik.VE  
Go to last post Go to first unread
Last post: Today at 10:52:03 AM(UTC)
Lansweeper Total License Utilization
by  Hendrik.VE   Go to last post Go to first unread
Last post: Today at 10:31:05 AM(UTC)
Lansweeper Office 365 Scanning-enabled accts not linked\accessible?
by  Mark F  
Go to last post Go to first unread
Last post: Today at 2:55:09 AM(UTC)
Lansweeper Helpdesk navigation
by  jra0500   Go to last post Go to first unread
Last post: Yesterday at 3:21:55 PM(UTC)
Lansweeper Asset Radar and external/remote IPs
by  gadgetrants  
Go to last post Go to first unread
Last post: Yesterday at 5:25:05 AM(UTC)
Lansweeper Recording history of IP address for device
by  Steven R   Go to last post Go to first unread
Last post: Yesterday at 1:58:33 AM(UTC)
Lansweeper LSAgent Wrong Domains for Users
by  Notonyourradar  
Go to last post Go to first unread
Last post: 4/12/2021 10:13:32 PM(UTC)