Windows Event Collector Sensor App Manual Certificate Installation

Although the PowerShell installation is recommended, you can also perform the certificate installation manually. After the initial certificate installation, you will need to use the Microsoft Windows HTTP Services (WinHTTP) Certificate Configuration Tool (WinHttpCertCfg.exe) to complete the configuration of the client certificate.

To manually install the certificate

  1. Copy the downloaded certificate file to the Windows Server.

  2. Double-click the USM-NXLog-client.pfx file to launch the Certificate Import Wizard.

  3. For the Store Location, select the Local Machine.

    Note: Windows Server 2008 does not present the option to import into the Local Machine certificate store. For Windows 2008 installations, use the information in the following Microsoft document to import the certificate into the Local Machine certificate store:

    https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx

  4. When the wizard prompts you for a password, leave it blank and click Next.

  5. Select automatically select the certificate store based on the type of certificate and click Next to finish.

    Set the option to automatically select the certificate store

To configure WinHTTP

Important: In order to access the Security event log, the Network Service account must be in the Event Log Readers group.

  1. If you do not already have the WinHttpCertCfg.exe tool on your Windows Server, download and install it.

  2. Go to the Administrative Tools in Windows and open the Computer Management utility.

  3. Select Local Users and Groups > Groups > Event Log Readers.

    Note: If your system is deployed as an Active Directory domain controller, Local Users and Groups will not be available. In this case, refer to the Windows documentation to add the network service account to the domain Event Log Readers group.

  4. Right-click Event Log Readers and select Add to Group.

  5. Click Add.

  6. In the Enter the object names to select field, enter Network Service as the object name and click Check Names.

  7. Click OK and close the Computer Management utility.

  8. Give the Network Service account access to the installed certificate:

    winhttpcertcfg -g -c LOCAL_MACHINE\my -s USM-NXLog-client -a NetworkService

    If winhttpcertcfg is not in the path, you might find it in C:\Program Files (x86)\Windows Resource Kits\Tools\.