bg-tutorials

How to Install an SSL Certificate on PRTG Network Monitor

In this tutorial, you will learn how to install an SSL certificate on PRTG Network Monitor. PRTG secures its web interface by reading three certificate files from a single folder, so installation is mostly a matter of preparing those files correctly and copying them into place.

Generate a CSR code for PRTG Network Monitor

A CSR (Certificate Signing Request) is a block of encoded text containing your contact details and public key. Generating a CSR is a mandatory step for every SSL applicant. PRTG has no built-in CSR tool, so you create the CSR on your own Windows device instead of on the PRTG system. You have two options:

You can open the resulting CSR file with any text editor, such as Notepad. When you order your certificate, copy and paste the entire contents of the CSR (including the —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– lines) into the corresponding box on your SSL vendor’s page. Keep the matching private key safe; you will need it during installation.

Tip: before you go further, download the free PRTG Certificate Importer from Paessler. This tool converts and combines the files your Certificate Authority issues and copies them into the correct PRTG folder for you, saving time and avoiding format mistakes.

Install an SSL certificate on PRTG Network Monitor

After your Certificate Authority validates your request and emails you the certificate files, you can install them. You have two paths:

  • Automatic (recommended): run the PRTG Certificate Importer. It converts your files to the format PRTG expects, stops and restarts the PRTG Core Server service, and saves everything to the correct subfolder.
  • Manual: prepare the three files yourself and copy them into place, as described below.

Step 1: Download and extract your SSL files

Download the ZIP archive from your Certificate Authority and extract it on your Windows device. Inside you’ll find your certificate and the issuer’s intermediate/root certificates. Have the private key you generated alongside the CSR ready as well.

Step 2: Prepare the three certificate files

PRTG Network Monitor reads exactly three files, all PEM-encoded, with these exact names:

  • prtg.crt, your primary (server) certificate. If your CA sent a bundle, this is your domain certificate (the first one in the chain). It must be in PEM format and named exactly prtg.crt.
  • prtg.key, your private key. It must be unencrypted (decrypted) to work with PRTG. Open the key in a text editor such as Notepad and use Ctrl+F to search for the word ENCRYPTED. If you find it (for example, a header line reading Proc-Type: 4,ENCRYPTED), decrypt the key with OpenSSL and your key password:
openssl rsa -in encrypted.key -out prtg.key
  • root.pem, the issuer’s root and intermediate certificates merged into a single PEM file. The order of the certificates inside this file does not matter.

Important: PRTG will not start if the files are missing, misnamed, or in the wrong format. The PEM files must use Windows line breaks (CRLF). Unix line endings are not supported and will prevent the service from starting. If you prepared the files on Linux or macOS, convert the line endings before copying them over (or simply use the PRTG Certificate Importer, which handles this for you).

Step 3: Stop the PRTG Core Server service

Open the PRTG Administration Tool on the PRTG core server, go to the PRTG Core Server tab, and stop the service. (You can also stop the PRTG Core Server service from the Windows Services console.) Stopping the service first ensures PRTG re-reads the certificate folder cleanly when it starts again.

Step 4: Copy the files into the PRTG \cert folder

Place all three files (prtg.crt, prtg.key, and root.pem) into the \cert subfolder of your PRTG program directory. On a default Windows installation this is:

  • C:\Program Files (x86)\PRTG Network Monitor\cert\

If files with these names already exist (PRTG ships with a self-signed set), back them up first, then overwrite them with your new files.

Step 5: Restart the PRTG Core Server service

Back in the PRTG Administration Tool (or the Windows Services console), start the PRTG Core Server service again. PRTG loads the new certificate on startup. If the service starts normally, the installation is complete.

Congratulations, you’ve successfully installed an SSL certificate on PRTG Network Monitor. If the service fails to start, the cause is almost always a file that is misnamed, encrypted, or saved with Unix line endings; recheck Step 2.

Test your SSL installation

Open the PRTG web interface in your browser using https:// and your server’s hostname, then check the padlock and certificate details. Even if everything looks correct, we recommend a thorough scan to catch hidden errors and configuration weaknesses. Our free SSL Checker deliver instant scans and reports on the state of your certificate, including chain and protocol checks.

Note: for the browser to fully trust the certificate, make sure the hostname you use to reach PRTG matches the common name (or a SAN entry) on the certificate.

Frequently Asked Questions

What files does PRTG need for an SSL certificate?

PRTG needs three PEM-encoded files with exact names: prtg.crt (your server certificate), prtg.key (your unencrypted private key), and root.pem (the issuer’s root and intermediate certificates in one file). All three must sit in the \cert subfolder of the PRTG program directory.

Where do I put the SSL certificate in PRTG Network Monitor?

Copy the three files into the \cert subfolder of your PRTG program directory, by default C:\Program Files (x86)\PRTG Network Monitor\cert\. Stop the PRTG Core Server service before copying, then restart it so PRTG loads the new certificate.

Why won’t PRTG start after I installed my certificate?

PRTG refuses to start when the certificate files aren’t in the expected format. The most common causes are: a file with the wrong name (it must be exactly prtg.crt, prtg.key, or root.pem), a private key that is still encrypted, or PEM files saved with Unix line breaks. PRTG only accepts Windows line breaks (CRLF). Fix the offending file and restart the PRTG Core Server service.

How do I decrypt my private key for PRTG?

If your key file contains the word ENCRYPTED, remove the passphrase with OpenSSL and save the result as prtg.key:
openssl rsa -in encrypted.key -out prtg.key
Enter your key password when prompted. The output file is an unencrypted key that PRTG can use.

Do I have to install the certificate manually?

No. Paessler’s free PRTG Certificate Importer automatically converts and combines the files your CA issued, saves them to the correct \cert folder, and stops and restarts the PRTG Core Server service for you. It’s the quickest and most error-proof way to install your certificate.

Where to buy the best SSL certificate for PRTG Network Monitor?

If you’re looking for affordable SSL certificates, SSL Dragon is your best SSL vendor. Our intuitive, user-friendly website walks you through the entire range of SSL certificates. All our products are issued by reputable Certificate Authorities and are compatible with PRTG Network Monitor.

We bring you some of the lowest prices on the market and dedicated customer support for any certificate you choose.

And if you’re struggling to find the ideal certificate, use our SSL Wizard to get tailored suggestions.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been building and managing websites for over 20 years, with a heavy focus on the technical side of the cybersecurity, VPN, and SaaS industries. I know how sites are built from the ground up, which means I know how to secure them. Here at SSL Dragon, I write about web architecture, encryption, and keeping your infrastructure safe.