VCF Operations for Logs Agent is unable to connect securely to Cloud Proxy Log Forwarder

Article ID: 415041

Products

VCF Operations

Issue/Introduction

  • Attempting to pair a VCF Operations for Logs Agent to a Cloud Proxy Log Forwarder using SSL fails.
  • The liagent.ini config file has the following configuration set for SSL:

proto=cfapi
port=9543
ssl=yes

  • The LI Agent log file shows the following errors:

Certificate pre-verify error = 20 while trying to connect to 'Cloud_Proxy_FQDN'. Unable to get local issuer certificate

Transport error while trying to connect to 'Cloud_Proxy_FQDN': SSL peer certificate or SSH remote key was not OK

Postponing connection to Cloud_Proxy_FQDN:9543 by 18 sec

Re-connecting to server Cloud_Proxy_FQDN:9543

Certificate pre-verify error = 20 while trying to connect to 'Cloud_Proxy_FQDN'. Unable to get local issuer certificate

Transport error while trying to connect to 'Cloud_Proxy_FQDN': SSL peer certificate or SSH remote key was not OK

Postponing connection to Cloud_Proxy_FQDN:9543 by 47 sec

NOTE - For Windows, these logs are located in the C:\ProgramData\VMware\Log Insight Agent\logs directory. For Linux, the path for the operation log is /var/log/loginsight-agent/liagent_*.log.

Environment

VCF Operations

VCF Operations for Logs

Cause

The Cloud Proxy Log Forwarder uses a self-signed certificate which is different from the TLS certificate that is applied to the Cloud Proxy.

Resolution

Currently, it is not possible to change the certificate presented by the VCF Operations Cloud Proxy forwarder.

This has been identified as a product defect and is planned to be fixed in one of the next releases for VCF Operations.

As a workaround, use the ssl_accept_any=yes flag within the liagent.ini config file for SSL communication.
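
The following triage script is an added example, not part of the original article or of the product. It checks an agent's liagent.ini and log text for the symptom described above (ssl=yes plus certificate verify error 20) and reports whether ssl_accept_any=yes is set, so agents carrying the workaround can be listed and reverted once the fix is released. The function names parse_ini and triage are hypothetical, the sample input is constructed from the settings and messages quoted in this article, and the log is assumed to contain those messages in the same wording.

```python
import re

# Message formats as quoted in the article; 20 is OpenSSL's unable-to-get-local-issuer code.
VERIFY_RE = re.compile(
    r"Certificate pre-verify error = (\d+) while trying to connect to '([^']+)'")
RETRY_RE = re.compile(r"Postponing connection to (\S+):(\d+) by \d+ sec")

def parse_ini(text):
    """Collect key=value pairs from liagent.ini text (comments and section headers skipped)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().lower()
    return settings

def triage(ini_text, log_text):
    """Report whether an agent shows this article's symptom and carries the workaround."""
    cfg = parse_ini(ini_text)
    issuer_failures, other_codes = {}, set()
    for code, host in VERIFY_RE.findall(log_text):
        if int(code) == 20:
            issuer_failures[host] = issuer_failures.get(host, 0) + 1
        else:
            other_codes.add(int(code))  # a different verify failure, not this article
    ssl_on = cfg.get("ssl") == "yes"
    return {
        "ssl_enabled": ssl_on,
        "workaround_set": cfg.get("ssl_accept_any") == "yes",
        "issuer_failures": issuer_failures,
        "other_codes": sorted(other_codes),
        "retry_ports": sorted({int(p) for _, p in RETRY_RE.findall(log_text)}),
        "matches_article": ssl_on and bool(issuer_failures),
    }

# Constructed sample input, assembled from the settings and messages in the article.
SAMPLE_INI = "; constructed sample\nproto=cfapi\nport=9543\nssl=yes\n"
SAMPLE_LOG = """\
Certificate pre-verify error = 20 while trying to connect to 'Cloud_Proxy_FQDN'. Unable to get local issuer certificate
Transport error while trying to connect to 'Cloud_Proxy_FQDN': SSL peer certificate or SSH remote key was not OK
Postponing connection to Cloud_Proxy_FQDN:9543 by 18 sec
Certificate pre-verify error = 20 while trying to connect to 'Cloud_Proxy_FQDN'. Unable to get local issuer certificate
Postponing connection to Cloud_Proxy_FQDN:9543 by 47 sec
"""

if __name__ == "__main__":
    print(triage(SAMPLE_INI, SAMPLE_LOG))
```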