Recent Discussions
Adding additional Root and Intermediate CA certificates to Linux collector.
Hello, I have some https website tests that are failing because the Root and Intermediate CA certificates are not in the collector trust store. I have added the certificates into /etc/ssl/certs and ran sudo update-ca-certificates. openssl s_client connection now verifies the certificate chain, however the website test still fails with the same error. does the collector use a different trust store to the standard package installed to the Ubuntu 22.04 OS? I'm assuming that as it's mostly Java based there is a particular module or something that uses a different trust store. I can't find any information about this elsewhere. The CA's in question are: SectigoRSADomainValidationSecureServerCA.crt SecureCertificateServices.crt /etc/ssl/certs/ lrwxrwxrwx 1 root root 19 Jul 21 17:19 75583d7f.0 -> SecureCertificateServices.pem lrwxrwxrwx 1 root root 44 Jul 21 17:19 65ff7287.0 -> SectigoRSADomainValidationSecureServerCA.pem you can see here the openssl verification of the chain: Start Time: 1753171962 Timeout : 7200 (sec) Verify return code: 0 (ok) Then the website check step failing: One other minor frustration is in the debug runner, !opssl is listed as a valid command, however when trying to run it, it says unknown debug command, really not all that useful so I can to connect to the customer environment and directly ssh to the collectors to even begin troubleshooting because there was no real useful information returned in the UI.
