CMA: Use of the Windows Certification Authorities Store

  • December 12, 2025
  • 5 replies

Is it possible to use the Windows Certification Authorities store instead of specifying a hard-coded path to a certificate file?
Since the certification authorities are already deployed to my servers via Group Policy, it would make sense to leverage this existing mechanism rather than maintaining separate certificate files.


fmattes
Centreonian
  • December 12, 2025

Hi,

Yes, it’s possible to store CMA certificates in the Windows Certification Authorities Store if you are using “Agent-initiated connection” mode.


  • Author
  • Steward
  • December 12, 2025

Hello,

I am correctly configured in “Agent-initiated connection” mode.
What configuration is required on the agent side to instruct it to validate certificates using the Windows certificate store?

I tried leaving the CA field empty, but this does not work.

For your information, my CA certificates are installed in the Local Computer certificate store, under Intermediate Certification Authorities.

Thank you in advance.


fmattes
Centreonian
  • December 15, 2025

Hi,

Thanks for your feedback.

Could you indicate your CMA version, and how you configured the other certificate fields?

All certificate fields should be empty.

Could you also send me in private (or post here) the CMA logs, in debug mode?

Thanks


  • Author
  • Steward
  • December 16, 2025

CMA version: 24.10.11
If I am not mistaken, in “Agent-initiated connection” mode there is only the Certificates > CA field, and it is indeed empty in my configuration.

Here are the logs.

[2025-12-15 13:24:20.311] [centreon-monitoring-agent] [error] [bireactor.cc:191] 0x17f31d33950 peer:POLLER-adm:4317 client::OnDone(failed to connect to all addresses; last error: UNKNOWN: ipv4:X.X.X.X:4317: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate) 
[2025-12-15 13:24:20.322] [centreon-monitoring-agent] [debug] [bireactor.cc:58] delete client this=0x17f31d33950 peer:POLLER-adm:4317
[2025-12-15 13:24:21.359] [centreon-monitoring-agent] [info] [ssl_transport_security.cc:1665] Handshake failed with error SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate
[2025-12-15 13:24:23.162] [centreon-monitoring-agent] [info] [ssl_transport_security.cc:1665] Handshake failed with error SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate
[2025-12-15 13:24:25.944] [centreon-monitoring-agent] [info] [ssl_transport_security.cc:1665] Handshake failed with error SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate
[2025-12-15 13:24:30.068] [centreon-monitoring-agent] [info] [ssl_transport_security.cc:1665] Handshake failed with error SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate
[2025-12-15 13:24:30.326] [centreon-monitoring-agent] [debug] [bireactor.cc:52] create client this=0x17f31d33950 peer:POLLER-adm:4317
[2025-12-15 13:24:30.327] [centreon-monitoring-agent] [error] [bireactor.cc:100] 0x17f31d33950 client peer:POLLER-adm:4317 fail read from stream
[2025-12-15 13:24:30.358] [centreon-monitoring-agent] [error] [bireactor.cc:150] 0x17f31d33950 client peer POLLER-adm:4317 fail write to stream
[2025-12-15 13:24:30.358] [centreon-monitoring-agent] [debug] [bireactor.cc:200] 0x17f31d33950 client::shutdown
[2025-12-15 13:24:30.358] [centreon-monitoring-agent] [error] [bireactor.cc:191] 0x17f31d33950 peer:POLLER-adm:4317 client::OnDone(failed to connect to all addresses; last error: UNKNOWN: ipv4:X.X.X.X:4317: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate) 
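
To triage a log like the one posted above, this added example (not part of the thread and not Centreon's code) parses the agent's log line format and groups certificate-verification failures by OpenSSL verify reason. The sample lines are constructed in the format of the post, and the hint texts are this example's own summary of OpenSSL's standard verify messages.

```python
import re
from collections import Counter

# Constructed sample in the format of the agent log posted above (3 lines).
SAMPLE_LOG = """\
[2025-12-15 13:24:20.322] [centreon-monitoring-agent] [debug] [bireactor.cc:58] delete client this=0x17f31d33950 peer:POLLER-adm:4317
[2025-12-15 13:24:21.359] [centreon-monitoring-agent] [info] [ssl_transport_security.cc:1665] Handshake failed with error SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate
[2025-12-15 13:24:30.358] [centreon-monitoring-agent] [error] [bireactor.cc:191] 0x17f31d33950 peer:POLLER-adm:4317 client::OnDone(failed to connect to all addresses; last error: UNKNOWN: ipv4:X.X.X.X:4317: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:0A000086:SSL routines::certificate verify failed: unable to get local issuer certificate)
"""

# [timestamp] [logger] [level] [source.cc:line] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[(?P<level>\w+)\] "
    r"\[(?P<src>[^\]]+)\] (?P<msg>.*)$")
# OpenSSL error string: error:<8 hex digits>:SSL routines::...: <verify reason>
VERIFY_RE = re.compile(
    r"error:(?P<code>[0-9A-F]{8}):SSL routines::certificate verify failed: "
    r"(?P<reason>[^)]+)")
PEER_RE = re.compile(r"peer[: ](?P<peer>\S+:\d+)")

# Assumption of this example: short readings of OpenSSL's standard verify messages.
HINTS = {
    "unable to get local issuer certificate":
        "an issuer in the server's chain is not among the CAs the client loaded",
    "certificate has expired":
        "a certificate in the chain is past its notAfter date",
}

def summarize(log_text):
    """Group certificate-verification failures by OpenSSL verify reason."""
    reasons, peers, stamps = Counter(), set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        v = VERIFY_RE.search(m["msg"]) if m else None
        if not v:
            continue  # not a certificate-verification failure
        reasons[v["reason"].strip()] += 1
        stamps.append(m["ts"])
        peers.update(PEER_RE.findall(m["msg"]))  # only some lines name the peer
    return {
        "failures": len(stamps),
        "first": stamps[0] if stamps else None,
        "last": stamps[-1] if stamps else None,
        "peers": sorted(peers),
        "reasons": {r: (n, HINTS.get(r, "no hint")) for r, n in reasons.items()},
    }
```

Calling `summarize()` on the full agent log gives one entry per distinct verify reason, which separates a missing-issuer problem on the client from an expired or otherwise invalid server certificate.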


fmattes
Centreonian
  • December 16, 2025

Hi,

Thanks, I created an issue about this; it may be a bug or a best practice which needs documentation.

I will keep you informed.