The FMS was setup secured to use the default cert (quest.com). When attempting to invoke the fglcmd command from the FMS, the ssl flag was used but the command failed with the following:
Connection problem: Could not access HTTP invoker remote service at [https://localhost:8443/foglight-sl/CommandLineService]; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The fglcmd utility uses the JRE to connect to the FMS. The quest.com CA authority is not installed by default in the cacerts file on the FMS.
Also is recommended to use the -ssl switch.
1. Export the cert from the browser. Please reference the attached example of how to export the Cert from a Chrome browser.
2. Copy resulting file to FMS host, and import into CACERTS:
$FMS_HOME/jre/bin/keytool -keystore $FMS_HOME/jre/lib/security/cacerts -storepass changeit -import -alias [whatever_you_want] -file [path to CA CERT File]
3. This should import the needed information for the JRE to allow the fglcmd command to work properly
Example fglcmd usage using the -srv and -ssl switches:
Ensure that fglcmd -srv switch specifies the FQDN referenced in the cert, for example:
> fglcmd -srv hostname.domain.com -ssl -usr foglight -pwd foglight -port 8443 -cmd script:run -f filename.groovy