Certificate Support
This sections explains using automatic certificate management with packaged certificates and troubleshooting certificate errors.
How to use Packaged Certificates for Automatic Certificate Management
Cloud Agent for Linux Intel supports configuring automatic certificate management with packaged Root certificates. This helps you automate certificate assignments and reduces certificate failures.
Cloud Agent host needs certificates for successful communication with the Qualys platform. The following certificates, packaged with Cloud Agent, provide flawless and effective communication:
- QAG Public Certificate: To communicate with the Qualys Platform.
- CASK Certificate: To communicate with the Qualys Content Delivery Network (CDN).
- Global Certificate: To communicate with the Qualys platform if you use the Qualys Gateway Service in patching and cache mode. Global certificate eliminates the need for manual certificate distribution.
By default, this feature is disabled. To enable this feature, set the parameter AddCertsToStore=1 using Cloud Agent configuration tool (qualys-cloud-agent.sh).
The packaged root certificate support is available with Linux Intel Cloud Agent 7.4 and higher.
When enabled, Cloud Agent merges system-trusted certificates with packaged Root certificates and uses the merged certificate bundle for platform communication. This merged certificate bundle eliminates the need for manual certificate installation and ensures trusted communication with the Qualys platform.
The packaged Root certificate support is available only for Cloud Agents installed on shared Qualys Platforms.
How to Troubleshoot Certificate Errors
This section explains how to fix the certificate support errors encountered while communicating with the Qualys Cloud Platform.
You can encounter the following two certificate errors: