PRTG Manual: Using Your Own SSL Certificate with the PRTG Web Server
This section gives you a brief overview of how to use your own trusted Secure Sockets Layer (SSL) certificate files with the PRTG web server.
This only applies to PRTG Network Monitor, not to PRTG Hosted Monitor.
What is SSL/TLS?
PRTG supports SSL/TLS to secure all data that you enter and that PRTG shows in the PRTG web interface, in PRTG Desktop, or in the PRTG apps for iOS or Android. This ensures that no sensitive information can be intercepted when sending data between the PRTG core server and your client software.
By default, PRTG is delivered with an SSL certificate so you can use secure connections to your PRTG core server. However, this is a self-signed certificate, which is why browsers show an SSL certificate warning when you try to access the PRTG web interface. Despite this warning, your connection is still completely secure. For more information, see Knowledge Base: Why does my browser show an SSL certificate warning when I open the PRTG web interface?
To remove the browser warning, you can obtain a certificate that is valid for your own domain name and signed by a valid certificate authority (CA). You must provide the certificate in a suitable format and you must correctly import it into your PRTG core server.
There are many different issuers for certificates, and there are different formats in which certificates are provided. PRTG needs three different correctly named files that contain data in the expected encoding and format. This can make manually importing an issued certificate slightly complicated because there are various certificate files that you must retrieve from a CA. So, to ease the installation of a trusted certificate, we provide the freeware tool PRTG Certificate Importer.
PRTG Certificate Importer automatically combines and converts all files that a CA bundle contains for use with PRTG and stores the certificate files under the correct path on your PRTG core server. At best, you only provide the path to your received CA bundle and let the tool do the rest. We strongly recommend that you use PRTG Certificate Importer if you want to install a trusted certificate for PRTG.
For more information about this tool and a download link, see the Paessler website: PRTG Certificate Importer.
Although we recommend that you use PRTG Certificate Importer, you can still manually import your trusted certificate. If you do so, note that PRTG requires three different certificate files in a Privacy-Enhanced Mail (PEM) encoded format, and an unencrypted private key:
- prtg.crt: This is the certificate for your PRTG core server. It must be stored in PEM-encoded format.
- prtg.key: This is the private key that matches your server certificate. It must be stored in PEM-encoded format and must not be encrypted. Make sure that you provide this file in decrypted format. The best way to check this is to open the file in a text editor. If you find a line containing the word ENCRYPTED, the file still needs to be decrypted before you can use it with PRTG. Decrypt it using an SSL tool and your key password.
- root.pem: This is the public root certificate of your certificate's issuer. It must be stored in PEM-encoded format and must contain all necessary root certificates of your issuer in one file. If there is more than one PEM-encoded root certificate, use a text editor to copy all of them into a single file. The order does not matter.
PEM-encoded files must not contain Unix line breaks. Only Windows line breaks are supported.
Copy these three files to the \cert subfolder of the PRTG program directory (back up files before) on the PRTG core server and restart the PRTG core server service (see section PRTG Administration Tool on PRTG Core Server Systems).
The PRTG core server service is not able to start if the files are not provided in the exact format expected.
If you use remote probes, make sure that you copy the same certificates to the \cert subfolder of the PRTG program directory on each remote probe and restart the PRTG probe service (see section PRTG Administration Tool on Remote Probe Systems).
For detailed instructions and examples, installation descriptions for various certificates (including Wildcard certificates), as well as links to certificate tools and converters, see section More.
How can I establish a secure web interface connection to PRTG?
How can I use a trusted SSL certificate with the PRTG web interface?
Why does my browser show an SSL certificate warning when I open the PRTG web interface?
PRTG Certificate Importer
- Active Directory Integration
- Application Programming Interface (API) Definition
- Filter Rules for Flow, IPFIX, and Packet Sniffer Sensors
- Channel Definitions for Flow, IPFIX, and Packet Sniffer Sensors
- Define IP Address Ranges
- Define Lookups
- Regular Expressions
- Calculating Percentiles
- Add Remote Probe
- Failover Cluster Configuration
- Data Storage
- Using Your Own SSL Certificate