[Fusioninventory-user] cacert.pem on Windows Agents

Guillaume Rousse guillomovitch at gmail.com
Thu Jan 9 17:37:40 UTC 2014

Le 09/01/2014 17:00, Kevin COUSIN a écrit :
> Hi list,
> I found an error in the Fusioninventory 2.3.4 agent on Windows. The cacert.pem file is not installed with the package or perhaps I miss something...
> [Thu Jan  9 09:11:03 2014][error] [http client] communication error: 500 SSL_ca_file C:\Program Files\FusionInventory-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem does not exist
> [Thu Jan  9 09:11:03 2014][fault] No answer from the server at C:\Program Files\FusionInventory-Agent\perl\agent/FusionInventory/Agent.pm line 261.
> Must I download this file manually ?
That's the default behaviour of LWP to try to load the certificate 
bundle provided by the Mozilla::CA if you don't provide your own CA 
certificate. We may eventually also include this perl module in the 
windows distribution, but that will only benefit to people using a 
server certificate signed by some well-known CA such as Thawte or Verisign.

What you must do is either:
1) disable https completly
2) disable server certificate checking
3) distribute the server certificate on the client, and use it as a 
pseudo-AC certificate
4) distribute the actual AC certificate on the client

If you don't understand what an AC is, you'd better use solution 2 to 
avoid troubles.

More information about the Fusioninventory-user mailing list