Understanding the main SSL functions can help you configure the Log Insight Agents accurately.
- For Windows, go to C:\ProgramData\VMware\Log Insight Agent\cert.
- For Linux, go to /var/lib/loginsight-agent/cert.
- The Linux agent loads trusted certificates from /etc/pki/tls/certs/ca-bundle.crt or /etc/ssl/certs/ca-certificates.crt.
- The Windows agent uses system root certificates.
If the Log Insight Agent has a locally stored self-signed certificate and receives a different valid self-signed certificate with the same public key, the agent accepts the new certificate. This can happen when a self-signed certificate is regenerated using the same private key but with different details, such as a new expiration date. Otherwise, the connection is rejected.