Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

InfraAgent: Head https://infra-api.newrelic.com: x509: certificate signed by unknown authority

agent
newrelic-infra
certificate
x509

#1

Continuing the discussion from Help with Infrastructure Install Failing:

I have installed the NR Infra agent for Windows on 15 servers across 2 DCs. As of right now, only 4 of the agents are communicating with NR.

Manually starting the newrelic-infra.exe app shows the following errors on the other servers:

time="2018-06-07T17:53:08-04:00" level=warning msg="network error waiting for endpoint, retrying" error="Head https://infra-api.newrelic.com: x509: certificate signed by unknown authority"

Following the troubleshooting above, I did find on my working servers the GeoTrust Root CA cert. I exported and imported that from the working to a non-working server (Trusted Root Certification Authorities Store). However, I am still getting the same error.

All of these servers are in the same GPO/Security Posture and should be working.

Running a request in PowerShell using the GetResponse() method of [System.Net.WebRequest] also errors from this server: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

Is this still the correct certificate to use? If so, are there further troubleshooting/remediation steps I can take?


#2

EDIT: After going line-by-line and comparing certs between servers, I have added the DigiCert Global Root CA to the Trusted Root Certification Authorities Store and it seems to have resolved the problem.

Download Link: https://www.digicert.com/digicert-root-certificates.htm


#3

Hi @zackm -

Thanks for solving your own problem and making sure others can learn from you! :trophy: I think this is getting to be a habit with you!


#4

@Newrelic team: Can you please confirm about the certificate install is compliance with you.
SO that we can install the same as we do face the same issue and this is fixing the bug.