VMware Cloud Community
Dell_Technologi
Enthusiast
Enthusiast

ssl certificate error

I generate then pem file with the command

cat ServerCertificate.crt esprit.us.dell.com.key Root.crt Intermediate.crt > multi_part.pem

from this guide

https://kb.vmware.com/s/article/2046591

the file multi_part.pem is in the folder as well, I tried to upload this file and gave me this error as  "invalid format"

Please advice and check the attachment for error.

6 Replies
Dell_Technologi
Enthusiast
Enthusiast

Thanks I have configured in Loginsight server now , is there any document to configure the ssl in agent as well ?

Reply
0 Kudos
daphnissov
Immortal
Immortal

The cert just needs to be downloaded to the client.

Reply
0 Kudos
Dell_Technologi
Enthusiast
Enthusiast

I copied the cert which I configured in the Loginsight server to a location  in client.

and then I did ssl=yes, & sslpath="to the location of  *.pem  where i copied in the client"

Then I restarted the licagentd service. After all these I dont see the client is not getting connected to Loginsight server.

Please advice

Reply
0 Kudos
rvany
Contributor
Contributor

Did you ever get this solved? And if: what exactly was "The cert just needs to be downloaded to the client." (quote from daphnissov)?

Reply
0 Kudos
KocPawel
Hot Shot
Hot Shot

Procedure looks like that (I hope I didn't forget about anything):

1) Go to page:

https://loginsightFQDN/admin/agents

at the bottom you have link to download agent. For example: Download Log Insight Agent Version

2) Install agent on client.

3) Add Root CA and Subordinates CA of you vRLI certificate as trusted (for Windows).

3) Edit liagent.ini file.

For Windows

[server]

hostname=<vrliFQDN>

proto=cfapi

; Log Insight server port to connect to. Default ports for protocols (all TCP):

; syslog: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:

port=9543

; SSL usage. Default:

ssl=yes

For Linux you need to set path to Log Insight cert file:

[server]

hostname=<vrliFQDN>

proto=cfapi

; Log Insight server port to connect to. Default ports for protocols (all TCP):

; syslog: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:

port=9543

; SSL usage. Default:

ssl=yes

ssl_ca_path=/etc/ssl/certs/<vrl cert>.pem

4) Restart service.

Installing or Upgrading vRealize Log Insight Agents

More info:

https://docs.vmware.com/en/vRealize-Log-Insight/4.5/com.vmware.log-insight.administration.doc/GUID-D...

After that check what is in logs:

Windows:

C:\ProgramData\VMware\Log Insight Agent\log

Linux:

/var/log/loginsight-agent/

Check also network connectivity on port 9543 (cfapi protocol). Maybe some FW on OS block traffic.

Reply
0 Kudos