When running sslConfig․sh on the Data Aggregator to enable HTTPS/JMX SSL with a signed certificate, the script fails․ The same certificate might work successfully on Spectrum or DX Console, but fails on the Data Aggregator​​​​‌​‍․

ERROR MESSAGE: "error 2 at 1 depth lookup: unable to get issuer certificate" "ERROR: Signed certificate not trusted by /opt/CA/IMDataAggregator/config/ssl/truststore"

SYMPTOMS:

• The sslConfig․sh script exits with an error

• HTTPS/SSL configuration fails for the Data Aggregator

CONTEXT: Occurs during SSL configuration in DX NetOps 25․4․4 and later IMPACT: Administrators cannot secure the Data Aggregator with a signed certificate

The root and intermediate CA certificates must be explicitly imported into the DA truststore before importing the host certificate, otherwise the certificate chain cannot be verified․

PREREQUISITES:

• Administrator access to the Data Aggregator host

• The root certificate, intermediate certificate, and signed host certificate files

STEPS:

1․ DELETE EXISTING CERTIFICATES

keytool -delete -keystore /opt/CA/IMDataAggregator/jre/lib/security/cacerts -alias <alias_name>

EXPECTED: Old certificates are successfully removed from the keystore and truststore

2․ IMPORT ROOT CERTIFICATE

keytool -importcert -keystore /opt/CA/IMDataAggregator/jre/lib/security/cacerts -alias <alias_name> -file <filename>

EXPECTED: Root certificate is trusted

3․ IMPORT INTERMEDIATE CERTIFICATE

keytool -importcert -keystore /opt/CA/IMDataAggregator/jre/lib/security/cacerts -alias <alias_name> -file <filename>

EXPECTED: Intermediate certificate is trusted

4․ RUN SSL SCRIPT

Path: /opt/CA/IMDataAggregator/scripts/sslConfig․sh

EXPECTED: The script completes without issuer verification errors NOTE: Always import the root, intermediate, and host certificates in this specific order

VERIFY SUCCESS:

• Data Aggregator starts successfully

• HTTPS access to the Data Aggregator is secure and trusted