Return
-
Title
SQL PI Repository – How to Import Certificates When a Connection Error Indicates Missing Certificates -
Description
When connecting to a remote SQL Server PI repository in SSL mode, the Foglight Agent Managers and Foglight Management Server (FMS) must trust the database server's certificate. This requires importing the certificate into the appropriate keystores.
-
Cause
If the SQL PI repository certificate is not trusted by the FMS or Agent Manager keystores, secure SSL connections will fail with errors such as:
Unable to find certificate chain
-
Resolution
Foglight Management Server (FMS)
Import the certificate into the default truststore:
- Navigate to
{Foglight}/jre/bin. - Run the following command:
keytool -import -trustcacerts -alias host1 -file c:/test.cer -keystore C:/Quest/Foglight/config/security/trust.fips.keystore -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath C:/Quest/Foglight/server/core/bc-fips.jar -storepass nitrogen -nopromptNote: In federation mode, import the certificate into both master and child FMS instances.
Foglight Agent Manager (FglAM)
Import the certificate into
fogdb.storeon both the DB agent manager and PI agent manager:- Navigate to the appropriate
libdirectory:{fglam_home}/agents/DB_SQL_Server/5.9.7.10-xxxx/libor{fglam_home}/agents/DB_Oracle/5.9.7.10-xxxx/lib - Run the following command:
Windows:
certificatetool-5.9.7.10.bat --add-certificate host1=c:\test.cer
Linux:
chmod u+x certificatetool-5.9.7.10.sh ./certificatetool-5.9.7.10.sh --add-certificate host1=/path/to/test.cer
The following video details the certificate installation steps.
- Navigate to
-
Defect ID
FOM-182