When monitoring remote SQL Server databases in SSL mode, certificates for the database server must be imported into the keystore on the Agent Manager.
Otherwise, the one of following errors will occur:
[Foglight][SQLServer JDBC Driver]Error establishing socket to host and port: ServerXXX:1433. Reason: Failed to create trust manager
or
[Foglight][SQLServer JDBC Driver]SSL handshake failed:certificate_unknown(46)
When FMS is 5.9.7 and later in with FIPS compliance mode enabled and the SQL Server cartridge is 5.9.7.10 or later, the certificate must be imported into fogdb.store using the following steps:
Step 1: Navigate to the Foglight Agent Manager (FglAM) to agent/lib folder. Taking version 5.9.7.10 as an example:
{fglam_home}/agents/DB_SQL_Server/5.9.7.10-5.9.7.10-xxxx-xxxx/lib
Step 2: Execute the command below to import the certificate:
Windows:
certificatetool-5.9.7.10.bat --add-certificate {alias}=\path\to\certificate\file
Linux:
chmod u+x certificatetool-5.9.7.10.sh
./certificatetool-5.9.7.10.sh --add-certificate {alias}=/path/to/certificate/file
For example:
certificatetool-5.9.7.10.bat --add-certificate host1=c:\test.cer
The following video details how to add the certificate for SQL Server hosts.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center