PRTG Manual: Using Your Own SSL Certificate with the PRTG Web Server
This section gives you a brief overview on how to use your own trusted SSL certificate files with the PRTG web server.
This only applies to PRTG on premises instances, not to PRTG hosted by Paessler.
What is SSL?
PRTG supports Secure Sockets Layer (SSL) to encrypt all data entered and shown in the Web Interface, in the Enterprise Console, or in the Smartphone Apps. This ensures that no sensitive information can be intercepted when sending data between the PRTG core server and your client software.
By default, PRTG is delivered with an SSL certificate so you can use secure connections to your PRTG core server. However, these certificate files are not signed by a valid authority, which is why browsers show an SSL Certificate Warning when you try to access the web interface. Despite this warning, your connection is still encrypted successfully.
To remove the browser warning, you can obtain a certificate that is valid for your own domain name and signed by a valid authority. You can request your own trusted certificate from an issuer like GoDaddy, DigiCert, or InstantSSL, for example. The certificate must be provided in a suitable format and you have to import it correctly for your PRTG server.
There are many different issuers for certificates, and there are different formats certificates can be provided in. PRTG needs three different files, named correctly, containing data in the expected encoding and format. This can make the manual import of an issued certificate slightly complicated, because there are various certificate files that you must retrieve from a certificate authority (CA). So, to ease the installation of a trusted certificate, we provide the freeware tool PRTG Certificate Importer.
The PRTG Certificate Importer combines and converts all files that a CA bundle contains automatically for the use with PRTG and stores the certificate files into the correct path on your PRTG server. In the best case, you just provide the path to your received CA bundle and let the tool do the rest. We strongly recommend that you use the PRTG Certificate Importer if you want to install a trusted certificate for PRTG!
For more information about this tool and a download link, see the Paessler website: PRTG Certificate Importer
Although we recommend that you use the PRTG Certificate Importer because it is much more comfortable, you still can import your trusted certificate manually. If you do so, please note that PRTG requires three different certificate files in a PEM encoded format and an unencrypted private key:
- prtg.crt: This is the certificate for your PRTG server. It has to be stored in PEM encoded format.
- prtg.key: This is the private key matching your server certificate. It has to be stored in PEM encoded format and may not be encrypted! Please make sure that you provide this file in decrypted format! The best way to check this is to open the file in a text editor. If you find a line containing the word "ENCRYPTED", the file still needs to be decrypted before you can use it with PRTG. Please decrypt using an SSL tool (for example, OpenSSL) and your key password.
- root.pem: This is the public root certificate of your certificate's issuer. It has to be stored in PEM encoded format and must contain all necessary root certificates of your issuer in one file. If there is more than one PEM encoded root certificate, please use a text editor to copy all of them into a single file (the order does not matter).
PEM encoded files must not contain Unix line breaks! Only Windows line breaks are supported.
Once ready, copy these three files to the /cert subfolder of your PRTG program directory (please back up existing files) and restart your PRTG core server service (see section PRTG Administration Tool).
PRTG services will not be able to start if the files are not provided in exactly the expected format!
For detailed instructions and examples, installation descriptions for various certificates (including Wildcard certificates), as well as links to certificate tools and converters, see section More below.
Freeware Network Tools: PRTG Certificate Importer—Installing Trusted SSL Certificates for PRTG Network Monitor
Knowledge Base: How can I establish a secure web interface connection to PRTG?
Knowledge Base: How can I use a trusted SSL certificate with the PRTG web interface?
- Active Directory Integration
- Application Programming Interface (API) Definition
- Filter Rules for xFlow, IPFIX, and Packet Sniffer Sensors
- Channel Definitions for xFlow, IPFIX, and Packet Sniffer Sensors
- Define IP Ranges
- Define Lookups
- Regular Expressions
- Add Remote Probe
- Failover Cluster Configuration
- Data Storage
- Using Your Own SSL Certificate
- Calculating Percentiles