Adding additional Root and Intermediate CA certificates to Linux collector.

Hello,

I have some https website tests that are failing because the Root and Intermediate CA certificates are not in the collector trust store.

I have added the certificates into /etc/ssl/certs and ran sudo update-ca-certificates.

openssl s_client connection now verifies the certificate chain, however the website test still fails with the same error.

does the collector use a different trust store to the standard package installed to the Ubuntu 22.04 OS?

I'm assuming that as it's mostly Java based there is a particular module or something that uses a different trust store.

I can't find any information about this elsewhere.

The CA's in question are:

SectigoRSADomainValidationSecureServerCA.crt
SecureCertificateServices.crt

/etc/ssl/certs/

lrwxrwxrwx 1 root root   19 Jul 21 17:19  75583d7f.0 -> SecureCertificateServices.pem
lrwxrwxrwx 1 root root   44 Jul 21 17:19  65ff7287.0 -> SectigoRSADomainValidationSecureServerCA.pem

you can see here the openssl verification of the chain:

    Start Time: 1753171962
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

Then the website check step failing:

One other minor frustration is in the debug runner, !opssl is listed as a valid command, however when trying to run it, it says unknown debug command, really not all that useful so I can to connect to the customer environment and directly ssh to the collectors to even begin troubleshooting because there was no real useful information returned in the UI.

Forum Discussion

Adding additional Root and Intermediate CA certificates to Linux collector.

Recent Discussions

Aws fsx monitoring

Single DS for Monitoring multiple windows processes

How long do you sit on hold waiting for Chat support?

API to fetch device id and remove it from monitoring

Can LM run a SQL Query against a specific Server/Database and alert based on the results?