05 May 2009

SCOM/OPSMGR: Web Application: Untrusted CA


  • You created a web application which use https (SSL)
  • The checkbox “monitor SSL health” is checked
  • When you log on the watcher node and call the same pages, you don't have any security alert through internet explorer
  • You do have the following error:

You are missing a certificate on the chaine. Your user account has the full chaine, but not the computer account. In my case, i had to add a Verisign (Class 3) certificate for the local computer account:
…And alerts are gone! We could just uncheck the health monitoring of certificate, but it's always better to get notified when it's expired :)


Anonymous said...

mathieu great post but it is further along that I have gotten yet. Could you detail how to set up the https web app? The one I am trying to do is using a user id and password stored in a database not in Window so I am having trouble setting up the Run as account and authentication. Any details you can give me would be very helpful. Thanks!


Mathieu Chateau said...

I guess it is a form based authentication ? If so, you need to use the record web feature, that will launch internet explorer and record all web page you go to. When you will authenticate through internet explorer, scom will record what you sent through the form (login/pass).
I hope it's clear!