Error: "Could not establish trust relationship for the SSL/TLS secure channel" while installing Telegraf agent on the windows based physical server.
search cancel

Error: "Could not establish trust relationship for the SSL/TLS secure channel" while installing Telegraf agent on the windows based physical server.

book

Article ID: 389315

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The Invoke-WebRequest or wget --no-check-certificate commands fails with "Could not establish trust relationship for the SSL/TLS secure channel"

This article provides step-by-step instructions to install the Telegraf agent on a windows based physical server for monitoring purposes in VMware Aria Operations.

Environment

VMware Aria Operations 8.12.x and Later

 

Cause

Downloading and installing the Telegraf agent fails due to certificate validation issues or network restrictions.

Resolution

 

  1. Run the following PowerShell script to bypass certificate validation:

    if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
    {
        public static void Ignore()
        {
            if(ServicePointManager.ServerCertificateValidationCallback ==null)
            {
                ServicePointManager.ServerCertificateValidationCallback +=
                    delegate
                    (
                        Object obj,
                        X509Certificate certificate,
                        X509Chain chain,
                        SslPolicyErrors errors
                    )
                    {
                        return true;
                    };
            }
        }
    }
"@
    Add-Type $certCallback
 }
[ServerCertificateValidationCallback]::Ignore()
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

     

  2. Download the Telegraf Agent Installation Script
    Run the following PowerShell command:

    Invoke-WebRequest "https://<CloudProxy-fqdn/IP>/downloads/salt/telegraf-utils.ps1" -OutFile telegraf-utils.ps1

  3. Retrieve the Token for Script Execution

    • Navigate to: 
      https://<vrops-fqdn>/suite-api
    • Search for the Auth API by typing "acquire" into the search bar.

    • Click on Auth and then on the API to expand them down                                                                                                                                                                                                                                                                                                                  
    • Click Try it out

    • Fill in the fields with the appropriate info:
      • "username": "admin",
          "authSource": "local",
          "password": "<admin password>"
    • Click Execute
    • Response Code 200 will contain the token and will be displayed in the format:
      ########-####-####-####-############::########-####-####-####-############

    • Use this token in the script execution (as shown in step 4).

  4. Execute the Installation Script
    Run the script with the required parameters:

    .\telegraf-utils.ps1 product-managed -c <cloud_proxy_ip_or_collector_group_name> -t <token> -v <vmwareariaoperations_ip_or_fqdn>

     

The above action should trigger Telegraf agent installation on the server and the 'Agent Running' status should be seen under 'Manage Telegraf Agent' section.

 

Additional Information

Powered by Wolken Software