Fought with this a bit using our internal CA. This link is helpful: https://www.poweradmin.com/help/pa-server-monitor-8-3/report_other_ssl_cert.aspx
Following along in the create your own new certificate section:
New step 4
The Client.cnf file failed to include the SANs for us, so cert errors would result. If you save the text at the bottom as Client.cnf in the C:\Program Files\PA Server Monitor\CA\NewCert folder after updating it with your information, the CSR will contain the SANs listed in the DNS.1, DNS.2 boxes (make sure not to leave any trailing spaces in the Client.cnf file).
Open C:\Program Files\PA Server Monitor\CA in Windows Explorer
Create a folder inside CA named NewCert.
Copy Client.cnf from below into NewCert folder.
Note that depending on the SSL provider that you use, the subjectAltName field might be ignored which is where additional machine names are mentioned.
Open a command prompt and change directory to the NewCert folder:
cd "C:\Program Files\PA Server Monitor\CA\NewCert"
Run the following to tell OpenSSL where to find your configuration file (do NOT use quotes, even if there are spaces in the path):
set OPENSSL_CONF=C:\Program Files\PA Server Monitor\CA\NewCert\client.cnf
Then run the following to actually create the Certificate Signing Request file (also known as a CSR file). DO use quotes if there are spaces in the path:
"C:\Program Files\PA Server Monitor\openssl.exe" req -newkey rsa:2048 -keyout "C:\Program Files\PA Server Monitor\CA\NewCert\CLIENT_PRIVATE.pem" -keyform PEM -out "C:\Program Files\PA Server Monitor\CA\NewCert\CLIENT_CERT.csr" -outform PEM -rand "C:\Program Files\PA Server Monitor\openssl.exe"
This will create two new files:
CLIENT_CERT.csr -- this is the Certificate Signing Request file that you will send/copy to the SSL certificate vendor (like Verisign, GlobalSign, etc)
CLIENT_PRIVATE.pem -- this is the private key file for this certificate. This file will need to remain on the server, but should be kept private.
Open CSR with notepad - copy text
After step 8
Get Base 64 certnew.cer file from https://YOUR_SUBCA_FQDN/certsrv/
Copy certnew.cer into NewCert folder
Convert .cer to .pem
"C:\Program Files\PA Server Monitor\openssl.exe" x509 -in certnew.cer -outform PEM -out SIGNED_CLIENT_CERT.pem
Copy
C:\Program Files\PA Server Monitor\CA\NewCert\SIGNED_CLIENT_CERT.pem
and
C:\Program Files\PA Server Monitor\CA\NewCert\CLIENT_PRIVATE.pem
into the CA folder
You can optionally delete the NewCert folder at this point.
Restart the PA Server Monitor service and it will now be using your SSL certificate.
[req]
input_password = PrivatePW000
output_password = PrivatePW000
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = Country Code
ST = State
L = City
O = Organization
OU = Org Unit
CN = FQDN of server
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.yourdomain.com
DNS.2 = example
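
A check to run before submitting the CSR and again once SIGNED_CLIENT_CERT.pem exists, as an added PowerShell example that is not part of the original post: it confirms that the CSR and the signed certificate both carry the SANs from Client.cnf (the CA may ignore subjectAltName, as noted above) and that the certificate was issued for the key in the CSR. Paths and file names follow the post; `$expected` holds the sample DNS.1/DNS.2 values, and the function names `Get-SanNames` and `Test-Sans` are hypothetical.

```powershell
# Added example, not from the original post. Paths and file names follow the post.
$openssl  = 'C:\Program Files\PA Server Monitor\openssl.exe'
$dir      = 'C:\Program Files\PA Server Monitor\CA\NewCert'
$csrPath  = Join-Path $dir 'CLIENT_CERT.csr'
$certPath = Join-Path $dir 'SIGNED_CLIENT_CERT.pem'
$env:OPENSSL_CONF = Join-Path $dir 'Client.cnf'
# Sample values: replace with the DNS.1, DNS.2 entries from your Client.cnf.
$expected = @('example.yourdomain.com', 'example')

# Hypothetical helper: pull DNS names out of "openssl ... -text" output.
function Get-SanNames {
    param([string[]]$Text)
    for ($i = 0; $i -lt $Text.Count - 1; $i++) {
        # The names are printed on the line after the extension header.
        if ($Text[$i] -match 'X509v3 Subject Alternative Name') {
            $Text[$i + 1].Split(',') | ForEach-Object { $_.Trim() } |
                Where-Object { $_ -like 'DNS:*' } |
                ForEach-Object { $_.Substring(4) }
        }
    }
}

# Hypothetical helper: warn about every expected name that is absent.
function Test-Sans {
    param([string]$Label, [string[]]$Text)
    $found   = @(Get-SanNames -Text $Text)
    $missing = @($expected | Where-Object { $found -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "$Label is missing SAN(s): $($missing -join ', ')"
        return $false
    }
    Write-Host "$Label SANs OK: $($found -join ', ')"
    return $true
}

# Before submitting: the CSR must already contain the SANs.
$csrOk = Test-Sans 'CSR' (& $openssl req -in $csrPath -noout -text)

# After signing: the CA may have dropped the SANs, so check the result too.
if (Test-Path $certPath) {
    $certOk = Test-Sans 'Signed certificate' (& $openssl x509 -in $certPath -noout -text)
    # Equal RSA moduli mean the certificate was issued for the key in this CSR.
    $csrMod  = (& $openssl req  -in $csrPath  -noout -modulus) -join ''
    $certMod = (& $openssl x509 -in $certPath -noout -modulus) -join ''
    if ($csrMod -ne $certMod) { Write-Warning 'Signed certificate does not match the CSR key' }
    else { Write-Host 'Signed certificate matches the CSR key' }
}
```

Run it from the NewCert folder before copying the .pem files into the CA folder, since the post deletes NewCert afterwards.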