Understanding the main SSL functions can help you configure the Log Insight Agents accurately.

The Log Insight Agent stores certificates and uses them to verify the identity of the Cloud Proxy during all but the first connection to the Cloud Proxy. If the identity cannot be confirmed, the Log Insight Agent rejects the connection and writes an appropriate error message to the log. Certificates received by the agent are stored in the cert folder.
  • For Windows, go to C:\ProgramData\VMware\Log Insight Agent\cert.
  • For Linux, go to /var/lib/loginsight-agent/cert.
When the Log Insight Agent establishes a secure connection with the Cloud Proxy, the agent checks the certificate received from the Cloud Proxy for validity. The Log Insight Agent uses system-trusted root certificates.
  • The Linux agent loads trusted certificates from /etc/pki/tls/certs/ca-bundle.crt or /etc/ssl/certs/ca-certificates.crt.
  • The Windows agent uses system root certificates.

If the Log Insight Agent has a locally stored self-signed certificate and receives a different valid self-signed certificate with the same public key, the agent accepts the new certificate. This can happen when a self-signed certificate is regenerated using the same private key but with different details, such as a new expiration date. If the received certificate does not meet these conditions, the connection is rejected.
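
The same-key rule above can be checked before a Cloud Proxy certificate is regenerated. The following is an added example, not VMware code: it models only the public-key comparison using the `openssl` CLI, and the host name, file names and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not VMware code): models the same-public-key rule only.
# Sample certificates, CN and function names are constructed for this example.

# SHA-256 of a certificate's DER-encoded SubjectPublicKeyInfo.
spki_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# True when subject and issuer are identical (self-signed by name).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# True when both certificates are self-signed and carry the same public key.
same_key_renewal() {
    is_self_signed "$1" && is_self_signed "$2" || return 1
    old=$(spki_sha256 "$1"); new=$(spki_sha256 "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Build constructed test data: one stored cert, one renewal, one re-key.
make_sample_certs() {
    d=$1; subj="/CN=proxy.example.test"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/a.key"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/b.key"
    openssl req -x509 -new -key "$d/a.key" -days 30  -subj "$subj" -out "$d/stored.pem"
    openssl req -x509 -new -key "$d/a.key" -days 365 -subj "$subj" -out "$d/renewed.pem"
    openssl req -x509 -new -key "$d/b.key" -days 365 -subj "$subj" -out "$d/rekeyed.pem"
}

tmp=$(mktemp -d)
make_sample_certs "$tmp"
for c in renewed rekeyed; do
    if same_key_renewal "$tmp/stored.pem" "$tmp/$c.pem"; then
        echo "$c.pem: same public key as the stored certificate"
    else
        echo "$c.pem: does not match the same-key rule"
    fi
done
rm -rf "$tmp"
```

A certificate regenerated from a new private key fails this comparison even when its subject is unchanged, which is the case the agent rejects.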