SQL PI Repository - How to import certificates when there is a connection error for no certificates (4228724)

When monitoring connecting to a remote SQL Server PI repository SSL mode, certificates for the SQL Server PI repository database server must be imported into the keystore on the Agent Managers and FMS.

Error message: Unable to find certificate chain

DB agent manager* - the agent manager where the database agent is running.

PI agent manager** - the agent manager where the PI domain manager agent (DB_Oracle_SPI_Repository, DB_SQL_Server_SPI_Repository, SSAS_SPI_Repository) is running.

Foglight Management Server

Import the certificate into default truststore in Foglight server

1. Remote to the Foglight server and go to {Foglight}\jre\bin.
2. Start a command window.
3. Import the certificate via command:

          keytool -import -trustcacerts -alias {alias} -file {certificate file} -keystore {Foglight}/config/security/trust.fips.keystore -deststoretype BCFKS -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath {Foglight}/server/core/bc-fips.jar -storepass nitrogen

For example:

Note: when running in federation mode, it requires importing the certificate into the keystore for both master and child Foglight server.

Foglight Agent Manager

Import the certificate into fogdb.store in DB agent manager and PI agent manager

1. Remote to the Foglight Agent Manager (FglAM) and go to the agent/lib folder. (i.e. {fglam_home}/agents/DB_SQL_Server/5.9.7.10-5.9.7.10-xxxx-xxxx/lib for SQL Server agent or {fglam_home}/agents/DB_Oracle/5.9.7.10-5.9.7.10-xxxx-xxxx/lib for Oracle agent.)
2. Start a command window.
3. Import the certificate via command:

• Windows:

         certificatetool-5.9.7.10.bat --add-certificate {alias}=\path\to\certificate\file

• Linux:

        For example:
        certificatetool-5.9.7.10.bat --add-certificate host1=c:\test.cer

The following video details the certificate installation steps.