When monitoring remote SQL Server databases in SSL mode, the Foglight Agent Manager (FglAM) must trust the database server's certificate. This requires importing the server certificate into the appropriate keystore used by the SQL Server cartridge.
If the SQL Server certificate is missing or not trusted by the FglAM's keystore, the agent will fail to establish a secure SSL connection. This results in errors such as:
[Foglight][SQLServer JDBC Driver]Error establishing socket to host and port: ServerXXX:1433. Reason: Failed to create trust manager
[Foglight][SQLServer JDBC Driver]SSL handshake failed:certificate_unknown(46)
When FMS is version 5.9.7 or later with FIPS compliance mode enabled, and the SQL Server cartridge is version 5.9.7.10 or later, follow these steps to import the certificate into fogdb.store:
Go to the following directory:
{FGLAM_HOME}/agents/DB_SQL_Server/5.9.7.10-5.9.7.10-xxxx-xxxx/lib
On Windows, run:
certificatetool-5.9.7.10.bat --add-certificate host1=C:\test.cer
On Linux/UNIX, make the script executable and then run it:
chmod u+x certificatetool-5.9.7.10.sh
./certificatetool-5.9.7.10.sh --add-certificate host1=/path/to/test.cer
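Importing a certificate makes it a trust anchor for the agent, so it is worth confirming that the file is the certificate you expect before running the tool. The following is an added example, not part of the Foglight tooling: a pre-import check that assumes openssl is on the PATH, with check_cert as a hypothetical function name.

```shell
#!/bin/sh
# Added example (not Foglight code): sanity-check a certificate file before
# importing it. Prints subject, issuer, validity dates and the SHA-256
# fingerprint so they can be compared with what the DBA reports for the
# SQL Server instance. Assumes openssl is installed.
check_cert() {
    cert=$1
    [ -r "$cert" ] || { echo "cannot read: $cert" >&2; return 2; }

    # .cer files exported from Windows may be DER (binary) or PEM (Base64).
    if openssl x509 -in "$cert" -inform PEM -noout 2>/dev/null; then
        form=PEM
    elif openssl x509 -in "$cert" -inform DER -noout 2>/dev/null; then
        form=DER
    else
        echo "not an X.509 certificate: $cert" >&2
        return 3
    fi

    # Show the fields to verify out of band.
    openssl x509 -in "$cert" -inform "$form" -noout \
        -subject -issuer -dates -fingerprint -sha256

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -inform "$form" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $cert" >&2
        return 4
    fi
    return 0
}

# Run the check when a file is given, e.g.: sh check_cert.sh /path/to/test.cer
if [ $# -ge 1 ]; then
    check_cert "$1"
fi
```

Run certificatetool only after the check exits 0 and the printed fingerprint matches the one obtained from the SQL Server administrator.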
The following video details how to add the certificate for SQL Server hosts.