When a newly installed device does not show up in the Automox console, it is likely the result of the Automox agent being unable to communicate with the Automox API. While this can be due to a number of different issues, one potential reason is that the Automox agent is unable to establish a secure connection with the Automox API, which is indicated by following error found within the agent logs:
x.509 certificate signed by unknown authority
This error, while rare, usually indicates that the Let's Encrypt root CA certificate may not be installed on the device. Because the Automox agent uses the local system's certificate repository to securely communicate with the Automox API, this is a required certificate.
Install the Let's Encrypt Root Certificate
To install this certificate, you must first download it from the Let's Encrypt Chain of Trust site: https://letsencrypt.org/certificates/ . At the time of writing, the Active Let's Encrypt root certificate is ISRG Root X1 (self-signed) and will be referred to as isrgrootx1.pem
moving forward. Then, with the root certificate in hand, you next need to actually install it. This step is dependent on the operating system of the target device, however the most common commands for each operating system are listed here.
Windows
certutil -addstore -f "ROOT" isrgrootx1.pem
macOS
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain isrgrootx1.pem
Fedora 26+ / RHEL 6+ / CentOS 6+
Before installing the root certificate on an RPM-based operating system, you must copy isrgrootx1.pem
into /etc/pki/ca-trust/source/anchors
.
sudo update-ca-trust extract
Ubuntu / Debian
Before installing the root certificate on a Debian-based operating system, you must copy isrgrootx1.pem
into /usr/local/share/ca-certificates/
.
sudo update-ca-certificates
SLES
Before installing the root certificate on the SUSE Linux Enterprise Server operating system, you must copy isrgrootx1.pem
into /usr/share/pki/trust/anchors/
.
sudo update-ca-certificates
Comments
0 comments
Article is closed for comments.