This article provides steps that help the Aria Operations for Logs agent handle expired Windows CA root certificates correctly.

Symptoms:

• Unable to get the agents on Windows server to forward logs to the Aria Operations for Logs server even after creating firewall rules based on required ports for the appliance.
• When there is an expired certificate and a valid certificate in Trusted Root Certification Authorities of the Windows client machine, the Aria Operations for Logs agent will not be able to differentiate it and can use the expired one. If the agent uses the expired certificate, the communication between the Agent and Server will be broken.

• On the Windows client machine, under C:\ProgramData\VMware\Log Insight Agent\log\liagent_<date>.log, you see errors similar to:

• In the above mentioned log file, you might also see it as:
  Transport error while trying to connect to '<IP_Address or FQDN_of AriaLogs>': SSL peer certificate or SSH remote key was not OK

Aria Operations for Logs 8.x

This is a known issue affecting vRealize Log Insight 8.x, there is no resolution at this time.  Please subscribe to this article to be informed when updates are published.

Workaround:
To workaround this issue, use either of the following keys to the [server] section of the liagent.ini file.

Option 1:
Set ssl_accept_any=yes and ssl_accept_any_trusted=yes. This will enable the LI Agent to trust the certificate even with the expired root CA

Option 2:
Create a separate truststore with the valid root CA only, and point LI Agent to it using the ssl_ca_path property

All options are described in detail in the documentation page - Configure the VMware Aria Operations for Logs Agent SSL Parameters