What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

FeedHow can I import a client certificate to my system certificate store to use with PRTG?

Votes:

0

I want to import a client certificate to my system certificate store. What settings should I use so that PRTG recognizes my certificate?

audit audit-log certificates client-certificate notification-template prtg syslog

Created on Nov 26, 2024 10:26:09 PM by Jacqueline Conforti [Paessler Support]

Last change on Dec 13, 2024 10:00:42 AM by Jacqueline Conforti [Paessler Support]



1 Reply

Accepted Answer

Votes:

0

This article applies as of PRTG 25

Client certificates

You can authenticate a server that connects to PRTG with a client certificate. When you set up client authentication, it increases the security and data integrity of the messages sent from PRTG.

You can authenticate with a client certificate when you use a notification template to send syslog messages via TLS (Setup | Notification Templates | Add Notification Template | Send Syslog Message) or when you send syslogs to a syslog server via the Audit Log feature (Core & Probes | Audit Log).

Note: You can only send audit logs to a syslog server if you have a PRTG 2500 subscription license and up. For more information on how to buy or upgrade a PRTG subscription license, see the Paessler Portal.

PRTG and client certificates

PRTG can access client certificates in two ways:

  1. The client certificate is in your system certificate store.
  2. You enter the client certificate, client certificate key, and optionally, the certificate key password manually in PRTG.

The benefit to using a client certificate in your system certificate store is the convenience when you need to change the client certificate when it expires.

When you use the system certificate store, you can tell PRTG to look for either the certificate's friendly name or thumbprint. If you configure PRTG to use a friendly name, you do not need to reconfigure PRTG again in terms of the client certificate. Instead, you can upload the new client certificate to the system certificate store and give it the same friendly name as the previous client certificate. PRTG finds the new client certificate and uses it immediately.

How to import a client certificate to the system certificate store

In order for PRTG to recognize and use a client certificate from the system certificate store, there are three settings you must use when you upload a new certificate.

  1. Open your system's certificate store. For example, you can run certlm.msc as a command or search for "certificate" in the Windows taskbar. If you use the taskbar, your system should prompt you with three options in settings. Select Manage computer certificates.
    Open system certificate store
    Click to enlarge.
  2. Navigate to the folder where you want to import the client certificate.

    Important: Do not use the Personal folder. If you use the Personal folder, PRTG cannot find your certificate.
  3. On the right-hand side, right click to open the context menu. Select All Tasks | Import.
    Import a certificate
    Click to enlarge.
  4. The Certificate Import Wizard opens. Confirm that you are going to add a certificate to your Local Machine. Click Next.
    Select local machine as the store location.
    Click to enlarge.
  5. Find the client certificate that you want to import and click Next.
    Select a file.
    Click to enlarge.
    Note: If you use a PFX or P12 certificate, make sure that you mark the private key as exportable.
    Select a file.
    Click to enlarge.
  6. Choose if you want Windows to automatically select the location of the certificate store or if you want to define it manually. Click Next.
  7. Click Finish to close the wizard. There is a notification if your import was successful, and you can now see the certificate in the system certificate store.

Set a friendly name

  1. If you want to use a friendly name, navigate to the client certificate in the system certificate store
  2. Right-click the certificate to open the context menu.
  3. Click Properties.
  4. In the general tab, go to the Friendly name setting. Enter a friendly name.
  5. Click OK to save your changes.

You can now use the certificate's friendly name to configure PRTG.

Created on Dec 12, 2024 2:26:39 PM by Jacqueline Conforti [Paessler Support]

Last change on Dec 13, 2024 1:02:48 PM by Jacqueline Conforti [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.