Unix agents are not able to parse certificates from the default ssl dir
Expected Behavior: If there is nothing mentioned in the [AUTHORIZATION] parameters of the agent .ini the agent should look at the default cert stores as below
Default SSLCertDir
/etc/ssl/certs [Debian/Ubuntu]
/etc/pki/tls/certs [Fedora/RHEL/CentOS]
/usr/local/share/certs [FreeBSD]
/etc/openssl/certs [NetBSD]
/var/ssl/certs [AIX]
Actual Behaviour: It does not work unless the trustedCertFolder= parameter is explicitly pointing towards the default ssl dir [OR] the certificate file is copied to a dedicated folder and then the trustedCertFolder= parameter is updated with that information.
Release: 21.x
Component: Automation Engine
Sub-Component(s): Unix/Linux agents
Documentation has been updated on version 21.0.8 and superior with this note:
When you used certificates signed by a CA, the certificates are stored in the respective Java or OS store by default; that is the Java trust store for Java components and Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. In this case, you only have to check that the root certificates already are in the respective store.
If the relevant certificates are not there and you want to import them, you can use OS or Java specific tools for that purpose, such as Keytool, cert-manager, OpenSSL and such. For more information on how to use those tools, please refer to the respective product documentation.
If you do not want to use the default locations for the components and Agents listed above, make sure you use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters (if applicable) in the respective configuration (INI) file to define the path to the folder where the trusted certificates are stored.