Certificate Support on Solaris

Certificate Verification on Qualys Cloud Platform

A Cloud Agent installed on Solaris may log the following errors about the certificate file ca-bundle.crt when it tries to communicate with the Qualys Cloud Platform. This happens when the certificate files are not present on the host asset.

  • [qualys-cloud-agent][8056]:[Error]:Http request failed:
    Problem with the SSL CA cert (path? access rights?): error setting certificate verify locations:
    CAfile: /etc/certs/ca-bundle.crt
    CApath: none
  • [qualys-cloud-agent][7436]:[Error]:[1]:Http request failed:
    SSL peer certificate or SSH remote key was not OK:
    SSL certificate problem: unable to get local issuer certificate

To fix these issues, you must manually install the certificate files at the appropriate location on your host asset.

  1. Either use the certificate files from your existing Solaris assets or download them from the following location:
    https://curl.haxx.se/docs/caextract.html
  2. Download the file cacert.pem and rename it to ca-bundle.pem.
  3. Copy the certificate file (ca-bundle.pem) to the following default location on Solaris:
    /etc/certs/
  4. Ensure that the absolute path is added in the /etc/opt/qualys/cloud-agent/qagent.config file in the following format:
    {
        "os": "SOLARIS",
        "cafile": "/etc/certs/ca-bundle.pem"
    }
  5. Restart the Cloud Agent Service.

Make sure the certificate file has valid permissions.
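
A preflight check for steps 3 and 4 and the permissions note, as an added example (not Qualys code): it reads the cafile value from the agent configuration and confirms that the bundle exists, is readable, holds complete PEM certificates, and is not group- or world-writable. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Qualys code): preflight check of the agent's CA bundle.
# The default config path is the one named on this page.

# Print the "cafile" value from a qagent.config-style JSON file.
get_cafile() {
    sed -n 's/.*"cafile"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 if the configured bundle is usable; else print why and return non-zero.
check_ca_bundle() {
    conf="${1:-/etc/opt/qualys/cloud-agent/qagent.config}"
    [ -r "$conf" ] || { echo "config not readable: $conf"; return 2; }
    cafile=$(get_cafile "$conf")
    [ -n "$cafile" ] || { echo "no cafile entry in $conf"; return 3; }
    case "$cafile" in
        /*) ;;
        *) echo "cafile is not an absolute path: $cafile"; return 4 ;;
    esac
    # A missing or unreadable file produces
    # "error setting certificate verify locations".
    [ -f "$cafile" ] || { echo "bundle missing: $cafile"; return 5; }
    [ -r "$cafile" ] || { echo "bundle not readable: $cafile"; return 6; }
    # An empty or truncated download leaves no usable issuer certificates.
    begin=$(grep -c '^-----BEGIN CERTIFICATE-----' "$cafile" || true)
    end=$(grep -c '^-----END CERTIFICATE-----' "$cafile" || true)
    if [ "$begin" -eq 0 ] || [ "$begin" -ne "$end" ]; then
        echo "bundle has $begin BEGIN / $end END markers: $cafile"; return 7
    fi
    # A trust store that group or others can write lets them add a CA.
    if [ -n "$(find -L "$cafile" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "bundle is group- or world-writable: $cafile"; return 8
    fi
    echo "ok: $cafile ($begin certificates)"
}
```

Call `check_ca_bundle` with no argument to check the default configuration path before restarting the Cloud Agent service.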

Certificate Verification for Solaris Package

While installing Qualys Cloud Agent on the Solaris platform, you will get the following error message:

pkgadd: ERROR: Signature verification failed while verifying certificate <subject=DigiCert Assured ID Root CA, issuer=DigiCert Assured ID Root CA>:<self signed certificate in certificate chain>

To fix this issue, perform the following steps:

  1. Download "DigiCert Assured ID Root CA" using the following command:
    curl -LO https://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt.pem
  2. Download "DigiCert SHA2 Assured ID Code Signing CA" using the following command:
    curl -LO https://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt.pem
  3. Create a keystore without a passphrase using the following commands:
    sudo pkgadm addcert -ty DigiCertAssuredIDRootCA.crt.pem
    sudo pkgadm addcert -ty DigiCertSHA2AssuredIDCodeSigningCA.crt.pem

 If asked, provide the passphrase for manual or automated installation.