Installing trusted SSL
certificates for PRTG
The PRTG Certificate Importer eases the installation of a trusted certificate on your PRTG core server to avoid
the browser SSL certificate warning when you access the PRTG web interface.
PRTG already comes with a default SSL certificate for its web server. With this standard certificate, all traffic between your web browser and your web server is encrypted and you can securely access and use the PRTG web interface via HTTPS. However, this certificate does not match the DNS name or IP address of your PRTG server, so your browser will always show an SSL Certificate Warning when you connect to PRTG.
To avoid this warning, you can use a trusted certificate. If you have a certificate authority (CA) in your network, you can create your own trusted certificate that matches the internal IP address of your PRTG core server. If you access PRTG from external IP addresses or DNS names, you can request a trusted certificate from issuers like GoDaddy, DigiCert, or InstantSSL, and import it into your PRTG installation.
Unfortunately, the manual import of an issued SSL certificate into a PRTG installation is sometimes a bit tricky and uncomfortable. PRTG needs various certificate files that are named correctly and that have the data in the expected encoding and format. It is not always easy to understand which certificate files have to be provided in which format.
So, to ease the installation of a trusted certificate, we provide the free PRTG Certificate Importer. It automatically combines and converts all files issued by a certificate authority (CA) for the use with PRTG and saves the certificate files into the correct path in your PRTG installation. This makes importing a trusted SSL certificate rather comfortable!
And, of course, we would love to hear your feedback about the free PRTG Certificate Importer.
Prerequisites
To get a trusted connection and to avoid the browser warning when you access your PRTG web interface without complicated setup steps, you just need to request a certificate from a valid CA and the PRTG Certificate Importer:
- Obtain a certificate that is valid for your domain name (or IP address) and signed by a valid CA. Request and download the respective CA bundle into a directory on your PRTG core server.
- Download and install the PRTG Certificate Importer on your PRTG core server. See below for the download link.
i You can import certificate files with one of the following formats: .cer, .crt, .der, .p12, .p7b, .pem, .pfx, or .txt (via clipboard). The PRTG Certificate Importer does not support .csr (certificate signing requests) files!
How to Use: 3 Steps to Trusted Connections
We designed the PRTG Certificate Importer to make it as easy as possible for you to install trusted SSL certificates
on your PRTG core server. In the best case, you just provide the path to your downloaded CA bundle and let our
tool do the rest.
Open Paessler Certificate Importer from the Windows Start menu to start the PRTG Certificate Importer and choose the source of your certificate:
- Windows Certificate Store if your certificate was previously imported there.
- Provide a directory if you stored the CA bundle in a local directory.
- Paste from clipboard is the quickest way to import a certificate that you already have open in a text editor.
Click "Next Step" to import the certificate. The PRTG Certificate Importer checks if the provided certificate is valid. If this validation fails, you will see a corresponding error message with the reason. The certificate importer goes on with Step 2 if the private key for the certificate is secured with a password. Otherwise, the importer skips step 2 and jumps directly to step 3.
If the private key is separated from your certificate, the PRTG Certificate Importer asks you to provide the private key that comes along with your certificate files. You can either provide a file that contains your key (can be .key or .txt), or copy and paste it directly. Click "Next Step".
If your private key is passphrase protected, you will be asked to enter the passphrase for your key into the appearing dialog box. Click "OK" to go on.
The PRTG Certificate Importer checks if your certificate and the private key are a valid pair and tests the certificate with an SSL connection. If the verification of the certificate is successful, you can choose the target directory for the certificate.
To work with PRTG, the certificate must be stored in the \cert subfolder of the PRTG program directory.
The PRTG Certificate Importer will automatically move the existing files from the \cert subfolder into a new subdirectory. If anything goes wrong, you can still revert to your old certificates this way.
Click "Finish" to restart the PRTG core server with your new trusted certificate.
When you connect to the PRTG web interface, your browser will not show the
SSL certificate warning anymore.
i This Freeware program is provided free for Paessler customers to install trusted SSL certificates on PRTG web servers. Please understand that we can provide only limited support for this tool.
History
- V19.4.54 (December 12, 2019): Maintenance release
- Compatibility with PRTG 19.4.54 and later
- New versioning system that follows the PRTG versioning
- Installer and executable are now signed to confirm their integrity.
-
V1.0.0 (March 25, 2015): Initial stable release
-
V0.9.15 (February 24, 2015): Initial beta release