When a newly installed device does not show up in the Automox console, it is likely the result of the Automox agent being unable to communicate with the Automox API. While this can be due to a number of different issues, one potential reason is that the Automox agent is unable to establish a secure connection with the Automox API, which is indicated by following error found within the agent logs:
x.509 certificate signed by unknown authority
This error, while rare, usually indicates that the Let's Encrypt root CA certificate may not be installed on the device. Because the Automox agent uses the local system's certificate repository to securely communicate with the Automox API, this is a required certificate.
Install the Let's Encrypt Root Certificate
To install this certificate, you must first download it from the Let's Encrypt Chain of Trust site: https://letsencrypt.org/certificates/ . At the time of writing, the Active Let's Encrypt root certificate is ISRG Root X1 (self-signed) and will be referred to as
isrgrootx1.pem moving forward. Then, with the root certificate in hand, you next need to actually install it. This step is dependent on the operating system of the target device, however the most common commands for each operating system are listed here.
certutil -addstore -f "ROOT" isrgrootx1.pem
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain isrgrootx1.pem
Fedora 26+ / RHEL 6+ / CentOS 6+
Before installing the root certificate on an RPM-based operating system, you must copy
sudo update-ca-trust extract
Ubuntu / Debian
Before installing the root certificate on a Debian-based operating system, you must copy
Before installing the root certificate on the SUSE Linux Enterprise Server operating system, you must copy
Article is closed for comments.