Messages - LucIDR

#1
Hi, thanks for getting back to me.

In my mind, I wanted to use folders so that once the Root CA that is used to issue certificates for Agent Tunnels gets close to expiry, I am able to issue a new one, provide that one to the agents, and only once that is done update the certificate on the NetXMS server, removing the old one. Having both certificates in the folder would allow me to roll back to the old certificate on the server in case something goes wrong and I lose connection to all my agents.

I wanted to do it this way to avoid having to log on each machine whenever it's time to renew the CA.
#2
Hello,

While setting up agent tunneling, I've passed a folder for the TrustedRootCertificate config; however, after looking at the logs, verification of the certificate still fails.

When pointing the path at the .crt file directly the verification succeeds and the agent is able to connect.

This is my configuration.

ServerConnection = REDACTED:4703
MasterServers = REDACTED
ConfigIncludeDir = C:\NetXMS\etc\nxagentd.conf.d
#LogFile = {syslog}
LogFile = C:\NetXMS\log\log.log
DebugLevel = 6
FileStore = C:\NetXMS\var
SubAgent = bind9
SubAgent = filemgr
SubAgent = ping
SubAgent = logwatch
SubAgent = mqtt
SubAgent = netsvc
SubAgent = ssh
SubAgent = wineventsync
SubAgent = winperf
SubAgent = wmi
SubAgent = ups
EnableProxy = yes
EnableSNMPProxy = yes
EnableSNMPTrapProxy = yes
EnableSyslogProxy = yes
EnableTCPProxy = yes
RequireAuthentication = yes
RequireEncryption = yes
EnabledCiphers = 1
SharedSecret = REDACTED

TrustedRootCertificate=C:\NetXMS\var\certs\rootCA.crt # This works
#TrustedRootCertificate=C:\NetXMS\var\certs\ # This does not
VerifyServerCertificate=yes

[filemgr]
RootFolder = C:/NetXMS # read/write access

ZoneUIN = 2
ZoneId = 2

[ServerConnection/REDACTED]
Hostname=REDACTED
Port=4703

The agent is running under Windows.

The log shows that the folder has been successfully added as trusted, but certificate version fails.
I'm unsure if this is a configuration error on my part or something else. Any ideas?
Thanks!