When monitoring remote Azure SQL databases in SSL mode, the Foglight Agent Manager (FglAM) must trust the database server's certificate. This requires importing the server certificate into the appropriate keystore used by the Azure SQL cartridge.
If the Azure SQL server certificate is missing or not trusted by the FglAM's keystore, the agent will fail to establish a secure SSL connection. This results in certificate validation or SSL handshake errors.
When FMS is version 5.9.7 or later with FIPS compliance mode enabled, and the Azure SQL DB cartridge is version 5.9.7.10 or later, follow these steps to import the certificate into fogdb.store:
Go to the following directory:
{FGLAM_HOME}/agents/DB_Azure/5.9.7.10-5.9.7.10-xxxx-xxxx/lib
Run the certificate tool with the --add-certificate option. On Windows:
certificatetool-5.9.7.10.bat --add-certificate host1=C:\test.cer
On Linux or UNIX, make the script executable first:
chmod u+x certificatetool-5.9.7.10.sh
./certificatetool-5.9.7.10.sh --add-certificate host1=/path/to/test.cer
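Before running --add-certificate, it is worth confirming that the file is the certificate you intend to trust. The following is an added example, not part of the vendor procedure or tooling: it assumes the openssl CLI is installed and that the expected SHA-256 fingerprint was obtained from a trusted source; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import check of a certificate file (requires openssl).
# Usage: cert_precheck /path/to/test.cer <expected SHA-256 fingerprint>

# Emit the certificate as PEM. A .cer file may be PEM or DER, so try both.
cert_to_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# Print the SHA-256 fingerprint as uppercase hex without colons.
cert_sha256() {
    pem=$(cert_to_pem "$1") || return 1
    printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Return codes: 0 OK, 1 unreadable, 2 expired, 3 fingerprint mismatch.
cert_precheck() {
    pem=$(cert_to_pem "$1") ||
        { echo "not a readable X.509 certificate: $1" >&2; return 1; }
    # Show who the certificate was issued to, by whom, and when it expires.
    printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -enddate
    # -checkend 0 exits non-zero if the certificate has already expired.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 2; }
    # Normalise the expected value (colons, spaces, lowercase are accepted).
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    got=$(cert_sha256 "$1")
    [ "$got" = "$want" ] ||
        { echo "fingerprint mismatch: $got" >&2; return 3; }
    echo "fingerprint OK: $got"
}
```

Import the certificate only when cert_precheck returns 0; a return code of 3 means the file does not match the fingerprint you were given.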
The following video uses the same process as described above for SQL Server certificates and is relevant for Azure SQL agents.