Forum Discussion

llama's avatar
llama
Icon for Neophyte rankNeophyte
22 days ago
Solved

Adding additional Root and Intermediate CA certificates to Linux collector.

Hello, I have some https website tests that are failing because the Root and Intermediate CA certificates are not in the collector trust store. I have added the certificates into /etc/ssl/certs and...
  • llama's avatar
    llama
    9 days ago

    Just to close this one down, it seems there is an issue with TLS negotiation, so it's a 3rd party issue.

    LM support fed the following back:

    While both certificates are trusted and valid when accessed via a browser, the LogicMonitor collector's internal HTTP client is encountering a fatal TLS handshake error with the message: "Received fatal alert: protocol_version."

     

    We also ran !ssltest, which confirmed that the server advertises support for TLSv1.2 and that the certificate chain is valid. However, despite this, the collector is unable to complete the handshake due to an incompatibility in how the endpoint negotiates TLS during connection establishment. This can be caused by:

    • An unsupported or non-standard TLS handshake response
    • TLS header behavior that differs from RFC-compliant expectations
    • Cipher suite ordering or compatibility issues
llama's avatar
llama
Icon for Neophyte rankNeophyte
9 days ago

Just to close this one down, it seems there is an issue with TLS negotiation, so it's a 3rd party issue.

LM support fed the following back:

While both certificates are trusted and valid when accessed via a browser, the LogicMonitor collector's internal HTTP client is encountering a fatal TLS handshake error with the message: "Received fatal alert: protocol_version."

 

We also ran !ssltest, which confirmed that the server advertises support for TLSv1.2 and that the certificate chain is valid. However, despite this, the collector is unable to complete the handshake due to an incompatibility in how the endpoint negotiates TLS during connection establishment. This can be caused by:

  • An unsupported or non-standard TLS handshake response
  • TLS header behavior that differs from RFC-compliant expectations
  • Cipher suite ordering or compatibility issues