[Fusioninventory-devel] Provide the Windows agent installer a CA .pem file for him to store alongside the agent?

[DUVERGIER Claude]

Hello,

I'm moving to secured GLPI-Agent communications and I've a question
relating to certificate location on agent side (I get FusionInventory
Agent won't/can't read Windows certificate store).

The "/ca-cert-file" command line option (or the corresponding GUI field)
allows me to specify the CA I want the agent to trust (id. the one(s)
that signed the certificate the GLPI server is using).

Currently the installer reads the provided filepath and stores it (the
path) in the registry for the agent to use it at runtime.

The thing is: At final I would like that CA file to be stored in the
agent installation dir (the must would be in %ProgramData% be FI isn't
using that, yet).

*Question:*
Is there a way to tell the installer to read that filepath, copy the
file into the agent's installation base directory (into "certs\"
subdirectory for example) and store that new path into registry for
agent to use when running ?

The closest I get is to copy the file myself (via scripts) and use the
following command line options:

> /installdir="C:\Program Files\FusionInventory-Agent" /ca-cert-file="C:\Program
Files\FusionInventory-Agent\certs\my_trusted_cas.pem"

I'm using "/installdir" just to be sure, in case the default location
("C:\Program Files\FusionInventory-Agent") changes in future release.

The other option I have is to, similar to *nix systems, create a central
CA "repo" on disk (say "C:\etc\ssl\certs") for any software like FI to use.

I'm looking forward for any hint/advice/comments about this :)

--
DUVERGIER Claude