V21 Unix agents are not able to parse certificates from the default ssl dir
search cancel

V21 Unix agents are not able to parse certificates from the default ssl dir


Article ID: 251823


Updated On:


CA Automic Workload Automation - Automation Engine CA Automic One Automation


Unix agents are not able to parse certificates from the default ssl dir

Expected Behavior: If there is nothing mentioned in the [AUTHORIZATION] parameters of the agent .ini the agent should look at the default cert stores as below

Default SSLCertDir
/etc/ssl/certs [Debian/Ubuntu]
/etc/pki/tls/certs [Fedora/RHEL/CentOS]
/usr/local/share/certs [FreeBSD]
/etc/openssl/certs [NetBSD]
/var/ssl/certs [AIX]


Actual Behaviour: It does not work unless the trustedCertFolder= parameter is explicitly pointing towards the default ssl dir [OR] the certificate file is copied to a dedicated folder and then the trustedCertFolder= parameter is updated with that information.


Release: 21.x

Component: Automation Engine

Sub-Component(s): Unix/Linux agents




Documentation has been updated  on version 21.0.8 and superior with this note:

When you used certificates signed by a CA, the certificates are stored in the respective Java or OS store by default; that is the Java trust store for Java components and Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. In this case, you only have to check that the root certificates already are in the respective store.

If the relevant certificates are not there and you want to import them, you can use OS or Java specific tools for that purpose, such as Keytool, cert-manager, OpenSSL and such. For more information on how to use those tools, please refer to the respective product documentation.

If you do not want to use the default locations for the components and Agents listed above, make sure you use the trustedCertFolder=agentSecurityFolder=, and keyPassword= parameters (if applicable) in the respective configuration (INI) file to define the path to the folder where the trusted certificates are stored.