Certificate Support
Cloud Agent installed on AIX may throw the following error for the certificate ca-bundle.crt when trying to communicate with the Qualys Cloud Platform. This happens when the certificate files are not present on the host asset or the certificate files are present at a non-default location.
2017-09-26 06:45:09.499 [qualys-cloud-agent][28901532]:[Information]:Cert OS: AIX, CA
path:/var/ssl/certs/ca-bundle.crt
2017-09-26 06:45:09.502 [qualys-cloud-agent][28901532]:[Error]:cloud-agent terminated: exception in
main(): File not found: /var/ssl/certs/ca-bundle.crt
To fix this issue, you must manually install the certificate files in the appropriate location on the host asset. You can either use the certificate files from your existing RHEL or CentOS assets or download the certificate files from the following location:
https://curl.haxx.se/docs/caextract.html
- Run curl command from Linux machine:
curl --remote-name --time-cond cacert.pem
https://curl.se/ca/cacert.pem - Rename curl output from
cacert.pem
toca-bundle.crt
. - Copy the certificate file as ca-bundle.crt at the following default location on AIX:
/var/ssl/certs/
- If you want to use a non default location, ensure that the directory path is added in the
/etc/opt/qualys/cloud-agent/qagent.config
and set AIX path to/var/ssl/certs/ca-bundle.
crt
in the following manner:
{
"os": "AIX",
"cafile": "/var/ssl/certs/ca-bundle.crt"
}For agent version 1.6, the
qagent.config
file is located at/etc/qualys/cloud-agent/qagent.config
. - Now restart the QAgent Service using following command:
/opt/qualys/cloud-agent/bin/qcagent.sh restart
- Check logs for any SSL/cert issues
tail -f /var/opt/qualys/qualys-cloud-agent.log