Solarwinds, HTTPS, and FQDN

When you first configure a Solarwinds Orion-based server the default website it configures is on port 80 only. You might want to go into IIS and add server bindings for port 443. I prefer to ensure all traffic is encrypted and disable remote access to port 80, but that is subject to your local policy. Don’t disable port 80 completely because sometimes you need to access it from the server console.

Adding HTTPS Support

To add HTTPS support, open IIS Manager on your Solarwinds host, right click on the SolarWinds site and select Edit Bindings.

Edit Bindings

To add HTTPS support, right click on the SolarWinds site in IIS Manager and select Edit Bindings…

Now click the Add… button. Change the type dropdown to https, make sure your port changes to 443, and select the appropriate SSL certificate for your server. I usually use the certificate that the machine already has from Active Directory, but your needs may vary. SSL certificate details are outside the scope of this article. :)

Adding an https binding

Choose add, select https from the type dropdown, and select the approriate SSL certificate.

Click OK and you should now have https available.

I Like FQDN, I Cannot Lie

Something that bugs me about Solarwinds is that out of the box it only uses the hostname for the URL. This isn’t the hostname configured in IIS (which normally doesn’t matter, since most Solarwinds installations won’t be using virtual hosts) but it is the hostname used internally for notifications. If you add the URL to a notification, it’ll only include the hostname. Something like this:

From: [email protected]
To: [email protected]
Subject: router.example.com rebooted at 3/18/2014 6:43 AM

Lastboot: Tuesday, March 18, 2014 6:38 AM
Device:   Catalyst 37xx Stack
IOS:      15.0(1)SE3, RELEASE SOFTWARE (fc1)
Image:  C3750E-UNIVERSALK9-MAcknowledge: http://solarwinds:80/Orion/Netperfmon/AckAlert.aspx

Note the URL at the end there with “solarwinds” as the hostname. Now, that might be acceptable if you are in your office. However, that can cause problems for VPN users and for people who it just plain bugs when they don’t see an FQDN. Fortunately, we can correct this URL problem pretty easily. This is also important if you want to use https, because it allows you to change the URL used in notifications to a secure one.

Change to FQDN

WARNING! Beware that you are editing the database live. You should know what you are doing here and be careful. If you break stuff, it’s not my fault. You have been warned.

To change this behavior you need to launch Database Manager and switch to the Websites table. To edit the fields, you’ll need to click Enable table editing. Now you can change the ServerName field to the FQDN. You also need to set the Port to “443” and SSLEnabled to “1” if you want the system to create proper https URLs. Here’s what mine looks like:

Solarwinds Database Manager

My opinion of a properly configured Solarwinds installation.

 

Enjoy your secure FQDN URLs in your notifications!

FIN