How do I troubleshoot the Nanitor collector?
A good start is to look at the /var/log/nanitor/nanitor_collector.log. The logfile often shows the cause when something goes wrong.
The logfile shows a x509 error, how do I fix it?
The Nanitor collector speaks directly to the Nanitor server via HTTPS. This error occurs when the Nanitor collector is not trusting the SSL certificate of the server. This means we need to obtain the root certificate of the signer of the Nanitor server certificate. Once we have that we can do the following on the Collector. The CA certificate needs to be in a PEM format. Lets say we have obtained ca-chain.cer from Microsoft Certification services then we need to convert it first to PEM:
openssl x509 -inform der -in /root/ca-chain.cer -out /root/ca-chain.pem
Now we can copy the PEM into the CentOS 7 trusted CA store and update the CA store:
cp /root/ca-chain.pem /etc/pki/ca-trust/source/anchors/ update-ca-trust