Relic Solution: Custom certificates for ping monitors

Deprecated -

This post focusses on the legacy VM version of private locations, which were sunset in August 2019.
For Containerised private minions, you may have success with the following resources:

Note that these resources have not been tested on Containerised Private Minions.

Do you use your own internal Certificate Authority (CA)? Does that CA sign the certificates? Does that break your ability to use Synthetics monitors against your internal sites? Well we may be able to help…


  • You’ll need to be using Private Locations,
  • This won’t work for scripted monitors, only pings.
  • Scripted monitors run in a docker instance with no access to the OS’s certificate store.
  • These steps assume you already have your custom .crt file.


You’ll need to add your certificates to the Ubuntu certificate store, so below is exactly how to do that.

  1. Open a terminal and navigate locally to the directory you saved the .crt
  2. Launch sftp with sftp synthetics@{minion_ip} password: synthetics
  3. Upload the certificate using put cert-name-here.crt

This uploads the certificate to the home directory on the minion, /home/synthetics. Next we’ll need to get the cert to the Ubuntu certificate store: /etc/ssl/certs

  1. Add the .crt file to the directory: /usr/local/share/ca-certificates
  2. Run the command: sudo update-ca-certificates

The above command should concat the certificate to the file /etc/ssl/certs/ca-certificates.crt


When you tick the ‘Verify SSL’ checkbox, the minion running those checks simply runs the command:

openssl s_client -servername {YOUR_HOSTNAME} -connect {YOUR_HOSTNAME}:443 -CApath /etc/ssl/certs -verify_hostname {YOUR_HOSTNAME} > /dev/null

So to test the custom cert is working, you can run that command against your endpoint from within the private minion.

Note that if you upgrade your minions you’ll need to re-do this process. Since currently updating minions involves a full new machine image.

Good news though is that greater support for custom certificates is something our product development teams are hoping to include in the containerised minion that is on their roadmap.

Thanks to @Michel_L for providing this solution :smiley: