Documentation forSolarWinds Platform Self-Hosted

Certificates and the agent in the SolarWinds Platform

This topic applies only to the following SolarWinds Platform products:

SolarWinds Observability Self-Hosted

DPAIMLANAMNPMSAMSCMSRMVMAN*

SolarWinds Platform Agent software certificate

The SolarWinds Platform Agent software is signed using the DigiCert Assured ID Root Certificate Authority certificate. The certificate must be valid.

If your certificate is not valid:

  1. Download the following certificate from DigiCert Trusted Root Authority Certificates (© 2021 DigiCert Inc., available at https://www.digicert.com/kb/digicert-root-certificates.htm, obtained on May 3, 2021.)

    DigiCert Assured ID Root CA

    SHA1 Fingerprint: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43

    SHA256 Fingerprint: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:3

  2. Install the certificate to the Local Computer\Trusted Root Certification Authority store on the server hosting the agent.

For more information, search for "Add the Certificates Snap-in to an MMC" at technet.microsoft.com.

SolarWinds Platform and SolarWinds Platform Agent certificates

SolarWinds Platform uses a certificate you can add in the Configuration Wizard. See Configure the SolarWinds Platform Web Console to use HTTPS.

When you install SolarWinds Platform Agents, the SolarWinds Platform generates a unique certificate for each agent. These certificates are signed by the SolarWinds certificate you added in the Configuration Wizard. The certificate is stored in the SolarWinds Platform database and in the SolarWinds Platform Agent. It is used for authentication and encryption of the communication between SolarWinds Platform and the agent.

Signing Linux/AIX SolarWinds Platform Agents

Starting with 2023.1, Linux/AIX installation packages (rpm/deb packages) and repositories (yum/zypper/apt repositories) are signed.

You might need to import the public GPG key manually to the computer where you have the Linux/AIX SolarWinds Platform Agent installed.

If you used the default path to install your SolarWinds Platform, the public keys for your Linux distribution are available on your main SolarWinds Platform server in the following folder(s): C:\Program Files\SolarWinds\Orion\AgentManagement\Installers\LinuxRepository\dists\<dist-name>\

Examples

Import the public key using apt-get

You can use these steps to import the public key when deploying a Linux agent on Ubuntu 18 or later using a script for your package management tool.

  1. Run the code to add the repository (copied from the Download Agent Wizard).

  2. Run apt-get update. Check the output for the following errors: signatures couldn't be verified because the public key is not available.

  3. If the error occurs, run the following command to import public keys for the agent repository:

    sudo apt-key add Release.key
    OK

Import the key using RPM

You can use these steps to import the public key when deploying the agent using a downloaded RPM file.

  1. Download the agent RPM file to agent_centos8/x86_64/.

  2. If you see a warning that the key is not there (NOKEY), use the rpm --import command, for example:

    rpm --import agent_centos8/x86_64/repodata/repomd.xml.key

  3. Verify that the key was imported:

    rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey)

  4. Verify the signature:

    rpm -Kv agent_centos8/x86_64/swiagent-2023.1.0.*-centos-8.5-x64.rpm

No warning will be included.