HTTPS for SQL Monitor using a self-signed certificate

Remmer

Due to some strange AD related issues, I have been asked to try using Open ID authentication for SQL Monitor. This requires using HTTPS instead of HTTP.

I have created a self-signed certificate, installed it and put it under the "Trusted Root Certificate Authorities" on the machine hosting the web service.

I updated the kestrel config file accordingly.

<?xml version="1.0" encoding="utf-8"?>

<configuration>

  <kestrel>

    <endpoints>

      <http>

        <url>http://*:8080</url&gt;

      </http>

      <https>

        <url>https://*:30443</url&gt;

        <certificate>

          <path>C:/Install/certs/wild.fpc.local-2023-03-07-095823.p12</path>

  <password>replaced_password</password>

        </certificate>

      </https>

    </endpoints>

  </kestrel>

</configuration>

But when trying to access the page, I get a NET:ERR_CERT_AUTHORITY_INVALID error in MS EDGE. Looking at the Certificate in EDGE it states that "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store" - but I thought I already did that in certmgr. Is there somewhere else that I need to install it than the server hosting the web service?

In Chrome, I can ignore the error and proceed to the webpage which works as usual (except for the "Not secure" bit at the top of the browser).

dkim1999

Hi there,

Thank you for reaching out about SQL Monitor.

The most likely cause of this is that you likely don't have a CA signed certificate installed in your SQL machines trusted root store.

This site explains how to install a trusting root certificate: https://docs.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate.

It is possible to bypass it if you don't need one: https://stackoverflow.com/questions/17615260/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted-when-conn (at your own risk, obviously).

Kind Regards,

David K

Product Support

Remmer

Hi David,

Thanks for answering my comment.

It is not quite clear to me which machine needs the root certificate installed.

My setup is:

Server A (hosts the SQL database)
Server B (hosts the kestrel web server and the base monitor)
Citrix machine (hosts the web browser that is used to connect to the web service on server B.

On Server B I have already installed the *.fpc.local certificate in the Local Computer/Trusted Root Certificate Authorities - does it need to be installed elsewhere?

dkim1999

Hi there,

I apologize for the delayed response.

You should only need the certificate installed on your Server B which hosts the Web Service and Base Monitor Service.

Kind Regards,

David K

Product Support Engineer