-
Título
SQL Server - How to import certificates when there is a connection error for no certificates -
Descripción
When monitoring remote SQL Server databases in SSL mode, certificates for the database server must be imported into the keystore on the Agent Manager.
Otherwise, the one of following errors will occur:
[Foglight][SQLServer JDBC Driver]Error establishing socket to host and port: ServerXXX:1433. Reason: Failed to create trust manager
or
[Foglight][SQLServer JDBC Driver]SSL handshake failed:certificate_unknown(46)
-
Resolución
When FMS is 5.9.7 and later in with FIPS compliance mode enabled and the SQL Server cartridge is 5.9.7.10 or later, the certificate must be imported into fogdb.store using the following steps:
Step 1: Navigate to the Foglight Agent Manager (FglAM) to agent/lib folder. Taking version 5.9.7.10 as an example:
{fglam_home}/agents/DB_SQL_Server/5.9.7.10-5.9.7.10-xxxx-xxxx/lib
Step 2: Execute the command below to import the certificate:
-
Windows:
certificatetool-5.9.7.10.bat --add-certificate {alias}=\path\to\certificate\file
-
Linux:
chmod u+x certificatetool-5.9.7.10.sh
./certificatetool-5.9.7.10.sh --add-certificate {alias}=/path/to/certificate/file
For example:
certificatetool-5.9.7.10.bat --add-certificate host1=c:\test.cer
The following video details how to add the certificate for SQL Server hosts.
-
-
ID de defecto
FOM-182