Configure the Orion Web Console to use SSL

SolarWinds Orion products support binding Secure Sockets Layer (SSL) certificates to your Orion server port to enable secure communications with the Orion Web Console.

Due to security concerns, SolarWinds recommends that you disable SSL v3.0 and earlier.

Select the Enable HTTPS option in the Configuration Wizard to bind an existing certificate to your Orion server port or create a certificate for binding. The process is automatic when this option is selected.

To configure your website bindings manually or leave your current website configuration as it is, select Skip website binding in the Configuration Wizard.

  • SolarWinds recommends that you install a certificate from a certificate authority before adding the bindings to the website, and that you enable the certificate auto enrollment group policy to prevent the certificate from generating browser errors.
  • This information refers to SolarWinds products running on Orion Platform version 2017.1. For configuration steps for older versions of the product, see Configure the Orion Web Console for SSL (deprecated).

Use a previously installed SSL certificate

  1. Select Enable HTTPS.
  2. Choose the certificate you want to use. Certificates with a green check mark are least likely to generate browser warnings.
  3. Complete the Configuration Wizard.

The Configuration Wizard enables the Orion Web Console to use SSL for the specified port, adds the website binding to the Orion Web Console, and forces the website to use HTTPS by default.

After the Configuration Wizard is finished, the Orion Web Console opens using HTTPS. If you used a certificate with a green check mark next to it, there should be no browser warnings. If you used a certificate with a yellow warning sign next to it, you may have a browser warning.

Generate a self-signed certificate

You can generate a self-signed certificate directly in the Configuration Wizard.

  1. Select Enable HTTPS.
  2. Scroll to the bottom of the list and select Generate Self-Signed Certificate.
  3. Complete the Configuration Wizard.

A self-signed certificate is issued to the machine host name or fully qualified domain name (FQDN) when the computer is part of a domain, and the certificate is added to the trusted certificate store. After the Configuration Wizard is finished, the Orion Web Console opens using HTTPS.

The certificate authority for self-signed certificates is the computer hosting your Orion server. Depending on your security and group policy settings, the Orion Web Console may generate browser errors because the certificate was not issued by a known certificate authority.

Use SSL after you install an Orion product

You can still use the Configuration Wizard to add the binding to your Orion Web Console after you have installed a SolarWinds Orion product.

You must install an SSL certificate on the Orion server before performing the following steps.

  1. Log in to your Orion server as an administrator.
  2. Run the Configuration Wizard from the Start menu.
  3. Select Configure the website, and click Next.
  4. Clear the Skip website binding option.
  5. Select Enable HTTPS.
  6. Choose the installed certificate. If the certificate does not show in the list, review how certificates are categorized.

Certificate categories

Green

The certificate is valid and should not generate browser warnings. Certificates are marked green if they meet one or more of the following criteria:

  • The certificate's Issued To (CN) field fully matches the server's FQDN
  • The certificate's Issued To (CN) field partially matches the server's FQDN using wildcards
  • The certificate's Issued To (CN) field partially matches the server's FQDN

Yellow

The certificate can be used, but may generate browser warnings. Certificates are marked yellow if they meet one of the following criteria, ordered from least likely to most likely to generate browser errors:

  • Self-signed certificates where the Issued To and Issued By fields match the server's FQDN
  • Certificates issued to the IP address instead of the host name or FQDN
  • Certificates issued to a computer with a different host name

Invalid certificates

Some certificates are not valid. Client certificates or certificates that have expired or use an untrusted certificate authority are invalid and do not display on the list.
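
To see before running the Configuration Wizard why an installed certificate might be listed as green or yellow, or not listed at all, the following PowerShell pre-check approximates the categories above. It is an added example, not SolarWinds code and not the wizard's actual logic. Assumptions: the certificate is in the local machine Personal store (Cert:\LocalMachine\My), the function name Get-OrionCertCategory is hypothetical, "partially matches" is read as a host-name-only match, and self-signed certificates are checked before CN matching so they stay yellow.

```powershell
# Added example, not SolarWinds code: approximates the page's certificate categories.
function Get-OrionCertCategory {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Fqdn
    )
    $cn  = $Cert.GetNameInfo('SimpleName', $false)   # Issued To (CN)
    $now = Get-Date

    # Invalid: expired or not yet valid
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) { return 'Invalid: expired' }

    # Invalid: EKU extension present but without Server Authentication (client certificates)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) {
        $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
        if ($oids -notcontains '1.3.6.1.5.5.7.3.1') { return 'Invalid: not a server certificate' }
    }

    # Invalid: chain does not build to a trusted root (revocation is not checked here)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($Cert)) { return 'Invalid: untrusted certificate authority' }

    # Yellow cases that must be tested before CN matching (assumed ordering)
    $ip = $null
    if ($Cert.Subject -eq $Cert.Issuer) { return 'Yellow: self-signed' }
    if ([System.Net.IPAddress]::TryParse($cn, [ref]$ip)) { return 'Yellow: issued to IP address' }

    # Green: full match, single-label wildcard match, or host-name-only match
    $dot = $Fqdn.IndexOf('.')
    if ($cn -ieq $Fqdn) { return 'Green: CN matches FQDN' }
    if ($dot -gt 0 -and $cn -ieq ('*' + $Fqdn.Substring($dot))) { return 'Green: wildcard match' }
    if ($dot -gt 0 -and $cn -ieq $Fqdn.Substring(0, $dot)) { return 'Green: host name only' }
    return 'Yellow: different host name'
}

# Report every certificate in the assumed store against this server's FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        IssuedTo   = $_.GetNameInfo('SimpleName', $false)
        NotAfter   = $_.NotAfter
        Category   = Get-OrionCertCategory -Cert $_ -Fqdn $fqdn
    }
} | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the Orion server. A certificate reported as Invalid here is a likely candidate for one that does not appear in the wizard's list.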