[Fusioninventory-user] cacert.pem on Windows Agents
Guillaume Rousse
guillomovitch at gmail.com
Thu Jan 9 17:37:40 UTC 2014
Le 09/01/2014 17:00, Kevin COUSIN a écrit :
> Hi list,
>
> I found an error in the Fusioninventory 2.3.4 agent on Windows. The cacert.pem file is not installed with the package or perhaps I miss something...
>
> [Thu Jan 9 09:11:03 2014][error] [http client] communication error: 500 SSL_ca_file C:\Program Files\FusionInventory-Agent\perl\vendor\lib\Mozilla\CA\cacert.pem does not exist
> [Thu Jan 9 09:11:03 2014][fault] No answer from the server at C:\Program Files\FusionInventory-Agent\perl\agent/FusionInventory/Agent.pm line 261.
>
> Must I download this file manually ?
That's the default behaviour of LWP to try to load the certificate
bundle provided by the Mozilla::CA if you don't provide your own CA
certificate. We may eventually also include this perl module in the
windows distribution, but that will only benefit to people using a
server certificate signed by some well-known CA such as Thawte or Verisign.
What you must do is either:
1) disable https completly
2) disable server certificate checking
3) distribute the server certificate on the client, and use it as a
pseudo-AC certificate
4) distribute the actual AC certificate on the client
If you don't understand what an AC is, you'd better use solution 2 to
avoid troubles.
--
Guillaume
More information about the Fusioninventory-user
mailing list