An understanding of the main SSL functions helps you configure the VMware Aria Operations for Logs Agents properly.
- For Windows go to C:\ProgramData\VMware\Log Insight Agent\cert.
- For Linux go to /var/lib/loginsight-agent/cert.
- The VMware Aria Operations for Logs Linux Agent loads trusted certificates from /etc/pki/tls/certs/ca-bundle.crt or /etc/ssl/certs/ca-certificates.crt.
- The VMware Aria Operations for Logs Windows Agent uses system root certificates.
If the VMware Aria Operations for Logs Agent has a locally stored self-signed certificate and receives a different valid self-signed certificate with the same public key, then the agent accepts the new certificate. This can happen when a self-signed certificate is regenerated using the same private key but with different details, such as a new expiration date. Otherwise, the connection is rejected.
If the VMware Aria Operations for Logs Agent has a locally stored self-signed certificate and receives a valid CA-signed certificate, the VMware Aria Operations for Logs Agent silently replaces the stored certificate with the newly accepted one.
If the VMware Aria Operations for Logs Agent receives a self-signed certificate after having a CA-signed certificate, the VMware Aria Operations for Logs Agent rejects it. The VMware Aria Operations for Logs Agent accepts a self-signed certificate received from the VMware Aria Operations for Logs Server only when it connects to the server for the first time.
If the VMware Aria Operations for Logs Agent has a locally stored CA-signed certificate and receives a valid certificate signed by another trusted CA, the Agent rejects it. You can modify the configuration options of the VMware Aria Operations for Logs Agent to accept the new certificate. See Configure the VMware Aria Operations for Logs Agent SSL Parameters.
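The acceptance rules above can be read as a decision table, which helps when you want to predict how agents will react to a planned server certificate change. The following Python model is an added illustration, not VMware code. The `Cert` fields, the sample certificates, and the `accept_any_trusted` parameter (a stand-in for the agent configuration option mentioned above) are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cert:
    self_signed: bool
    public_key: str  # constructed label standing in for the key fingerprint
    issuer: str      # signing CA; for a self-signed cert, its own subject


def decide(stored: Optional[Cert], received: Cert,
           accept_any_trusted: bool = False) -> str:
    """Model the agent's reaction to a server certificate.

    Assumes `received` already passed validity checks (dates, signature and,
    for CA-signed certificates, a chain to a trusted root).
    `accept_any_trusted` is a hypothetical stand-in for the agent
    configuration option the page refers to.
    """
    if stored is None:
        return "accept"  # first connection: nothing stored to compare against
    if stored.self_signed:
        if not received.self_signed:
            return "replace"  # self-signed -> valid CA-signed: silently replaced
        # self-signed -> self-signed: only a re-issue with the same key is accepted
        return "accept" if received.public_key == stored.public_key else "reject"
    if received.self_signed:
        return "reject"  # CA-signed -> self-signed is refused
    if received.issuer != stored.issuer:
        return "accept" if accept_any_trusted else "reject"
    return "not-covered"  # same CA: the page does not describe this case


# Constructed sample certificates for a planned server certificate change.
OLD_SS = Cert(True, "key-A", "logs.example.test")
RENEWED_SS = Cert(True, "key-A", "logs.example.test")  # same key, new expiry
REKEYED_SS = Cert(True, "key-B", "logs.example.test")
CA1 = Cert(False, "key-C", "Example CA 1")
CA2 = Cert(False, "key-D", "Example CA 2")

if __name__ == "__main__":
    for name, args in {
        "renew self-signed, same key": (OLD_SS, RENEWED_SS),
        "re-key self-signed": (OLD_SS, REKEYED_SS),
        "self-signed -> CA-signed": (OLD_SS, CA1),
        "CA-signed -> self-signed": (CA1, OLD_SS),
        "switch CA": (CA1, CA2),
    }.items():
        print(f"{name:32} {decide(*args)}")
```

The two rejected transitions in the sample run, re-keying a self-signed certificate and switching to a different CA, are the changes to plan for before rotating the server certificate.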
VMware Aria Operations for Logs Agents communicate over TLSv1.2. SSLv3 and TLSv1.0 are deactivated to meet security guidelines.