Certificates and the agent in the SolarWinds Platform
This topic applies only to the following SolarWinds Platform products:
SolarWinds Observability Self-Hosted
DPAIM — LA — NAM — NPM — SAM — SCM — SRM — VMAN*
SolarWinds Platform Agent software certificate
The SolarWinds Platform Agent software is signed using the DigiCert Assured ID Root Certificate Authority certificate. The certificate must be valid.
If your certificate is not valid:
-
Download the following certificate from DigiCert Trusted Root Authority Certificates (© 2021 DigiCert Inc., available at https://www.digicert.com/kb/digicert-root-certificates.htm, obtained on May 3, 2021.)
DigiCert Assured ID Root CA
SHA1 Fingerprint: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
SHA256 Fingerprint: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:3
-
Install the certificate to the
Local Computer\Trusted Root Certification Authority
store on the server hosting the agent.
For more information, search for "Add the Certificates Snap-in to an MMC" at technet.microsoft.com.
SolarWinds Platform (self-hosted) and SolarWinds Platform Agent certificates
SolarWinds Platform (self-hosted) uses a certificate you can add in the Configuration Wizard. See Configure the SolarWinds Platform Web Console to use HTTPS.
When you install SolarWinds Platform Agents, the SolarWinds Platform generates a unique certificate for each agent. These certificates are signed by the SolarWinds certificate you added in the Configuration Wizard. The certificate is stored in the SolarWinds Platform database and in the SolarWinds Platform Agent. It is used for authentication and encryption of the communication between SolarWinds Platform and the agent.
Signing Linux/AIX SolarWinds Platform Agents
Starting with 2023.1, Linux/AIX installation packages (rpm/deb
packages) and repositories (yum/zypper/apt
repositories) are signed.
You might need to import the public GPG key manually to the computer where you have the Linux/AIX SolarWinds Platform Agent installed.
If you used the default path to install your SolarWinds Platform, the public keys for your Linux distribution are available on your main SolarWinds Platform server in the following folder(s): C:\Program Files\SolarWinds\Orion\AgentManagement\Installers\LinuxRepository\dists\<dist-name>\
Examples
Import the public key using apt-get
You can use these steps to import the public key when deploying a Linux agent on Ubuntu 18 or later using a script for your package management tool.
-
Run the code to add the repository (copied from the Download Agent Wizard).
-
Run
apt-get update
. Check the output for the following errors:signatures couldn't be verified because the public key is not available
. -
If the error occurs, run the following command to import public keys for the agent repository:
sudo apt-key add Release.key
OK
Import the key using RPM
You can use these steps to import the public key when deploying the agent using a downloaded RPM file.
-
Download the agent RPM file to
agent_centos8/x86_64/
. -
If you see a warning that the key is not there (
NOKEY
), use therpm --import command
, for example:rpm --import agent_centos8/x86_64/repodata/repomd.xml.key
-
Verify that the key was imported:
rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey)
-
Verify the signature:
rpm -Kv agent_centos8/x86_64/swiagent-2023.1.0.*-centos-8.5-x64.rpm
No warning will be included.