Certificate Support

Cloud Agent installed on AIX may throw the following error for the certificate ca-bundle.crt when trying to communicate with the Qualys Cloud Platform. This happens when the certificate files are not present on the host asset or the certificate files are present at a non-default location. 

2017-09-26 06:45:09.499 [qualys-cloud-agent][28901532]:[Information]:Cert OS: AIX, CA 
path:/var/ssl/certs/ca-bundle.crt
2017-09-26 06:45:09.502 [qualys-cloud-agent][28901532]:[Error]:cloud-agent terminated: exception in 
main(): File not found: /var/ssl/certs/ca-bundle.crt

To fix this issue, you must manually install the certificate files in the appropriate location on the host asset. You can either use the certificate files from your existing RHEL or CentOS assets or download the certificate files from the following location:

https://curl.haxx.se/docs/caextract.html

  1. Run curl command from Linux machine:
    curl --remote-name --time-cond cacert.pem 
    https://curl.se/ca/cacert.pem
  2. Rename curl output from cacert.pem to ca-bundle.crt.
  3. Copy the certificate file as ca-bundle.crt at the following default location on AIX: /var/ssl/certs/
  4. If you want to use a non default location, ensure that the directory path is added in the /etc/opt/qualys/cloud-agent/qagent.config and set AIX path to /var/ssl/certs/ca-bundle.crt in the following manner:

     "os": "AIX",
     "cafile": "/var/ssl/certs/ca-bundle.crt"
    }

    For agent version 1.6, the qagent.config file is located at /etc/qualys/cloud-agent/qagent.config.

  5. Now restart the QAgent Service using following command:
    /opt/qualys/cloud-agent/bin/qcagent.sh restart
  6. Check logs for any SSL/cert issues
    tail -f /var/opt/qualys/qualys-cloud-agent.log