So far so good. However, now one might bump into the error message ‘There is a problem with this website's security certificate’.
Simply because the self signed certificate has the FQDN of the server where the Savision Web Console runs from. However, the URL used doesn’t have the FQDN but only the NETBIOS name of that server. So now the security of the browser kicks in, telling you the certificate doesn’t match with the URL you used:
This is a nagging issue which keeps on coming back. So basically there are two solutions:
- You buy a SSL certificate from a well known CA (they come cheap nowadays);
- Or, when you have a CA (based on Microsoft technology) in place, create a Domain Certificate with the NETBIOS name as Common Name instead.
Option 1 is to be advised when the Savision Web Console will be published on the internet or internal security requirements demand it. Option 2 is to be used only when the Savision Web Console will be used internally.
And of course, you could also disable SSL. But that’s a bad idea all together. After all, SCOM collects sensitive data and you don’t want to send that unencrypted over your network…
Already in 2010 I blogged how to secure the SCOM 2007 R2 Web Console with SSL by using a Domain Certificate. So when Option 2 is at play here for you, simply read that posting and of you go.
With Option 1, you most certainly have the CA where you buy your certificates from. Simply buy a SSL certificate and use ONLY the NETBIOS name of the server hosting the Savision Web Console as the Common Name for the SSL certificate.
So now we have a new certificate, whether we used option 1 or 2. So how to attach it to the Savision Web Console? This is very easy, simply follow these 3 steps:
- Start a RDP session with the server hosting the Savision Web Console and log on with an account which has local admin permissions. Start IIS Manager;
- Go to [SERVER NAME] > Sites > Live Maps 2012 Web Console > click right > Edit Bindings > Select the one and only SSL binding, it looks like this:
- > Edit > under the header SSL Certificate: there is a drop down menu. Select the new SSL certificate (in this example I created a Domain Certificate named MS01 SSL For Savision Web Console)
Click OK > Close.