WinRM and VMWare - How to import certificates when there is a connection error for no certificates (4228573)

When monitoring remote systems such as Windows hosts via WinRM or VMware environments in SSL mode, the Foglight Agent Manager (FglAM) must trust the remote server's certificate. This requires importing the server or CA certificate into the Agent Manager's trust keystore.

If the remote server's certificate is not trusted by the Agent Manager, SSL connections will fail. This typically occurs in environments using self-signed certificates or internal certificate authorities (CAs) that are not recognized by default.

Installing HTTPS Certificates

To trust an internal CA or server certificate, follow these steps:

1. Ensure the Agent Manager is running.
2. Open a command shell on the Agent Manager host and navigate to the /bin directory.
3. Run the following command to import the certificate:

fglam --add-certificate alias=/path/to/certificate/file

If the import is successful, the Agent Manager will automatically recognize and use the certificate.

• For instructions on configuring WinRM, refer to the "Manually configuring WinRM HTTP access" section in the Foglight Agent Manager guide.
• To ensure FIPS compliance for WinRM connections:
  • Disable DCOM on the target host.
  • Disable the WinRM HTTP listener.
  • Enable only the WinRM HTTPS listener.