Generate cacert.pem from Sectigo wildcard cert

Question

OCS Server version : 2.6 and 2.8

OCS Windows agent version : 2.6 and 2.8

How on earth to get cacert.pm from this particular certificate? I successfully added the file in apache setting and no issue to browse ocs https page when valid certificate but no matter which files I tried to use it does not work on Windows agent with following error ;

ERROR *** AGENT => Failed to send Prolog <SSL peer certificate or SSH remote key was not OK>

I've literally tried thousands of imaginable way to generate cacert.pem from

apache line SSLCertificateFile \path\to\crt\file

generate cert from mozilla, chrome browser

Sectigo website

None of them seems to work. I've tried self signed cert on another server and it's working flawlessly.

Appreciate if anyone can help. Thanks!!

Answer 1

hy, you mean cacert.pem not cacert.pm ? right

an you only have a problem with sectigo certs ? right?

Perhaps it has something to do with a new certificate design rule which Sectigo uses

https://tech.xenit.se/chrome-certificate-warning-invalid-common-name/

I can recomment XCA to analyse how the certificate loos in detail

https://hohnstaedt.de/xca/

perhaps Sectido uses more advanced certificate creation rules ... and OCS-Inventory can't deal with it.

perhaps the problem is only that the cert from Sectigo is a wildcard cert.

perhaps you have to follow this guide here to import the whole certificate tree

I think the certificate tree is the most valuable way to get a solution
http://ask.ocsinventory-ng.org/9713/certificat-wildcard

KInd regards