[GH-ISSUE #851] x509 certificate signed by unknown authority - Installing Agent Windows 10 #535

Closed
opened 2026-03-02 02:17:06 +03:00 by kerem · 6 comments

Originally created by @al3xOA on GitHub (Dec 10, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/851

Successfully installed tacticalrmm. When test installing an agent, during install I get the error described in the title. I've been poking and prodding around but my guess is the ssl cert correct? I'm using cloudflare as my dns but proxy is turned off on the api.x.com domain.

Would it be fair to say this is an SSL cert issue and to use the Cloudflare CA cert to resolve the issue?

kerem closed this issue 2026-03-02 02:17:06 +03:00

@dinger1986 commented on GitHub (Dec 10, 2021):

May I suggest first of all that you redact your domain ASAP.

However I have checked and your rmm & mesh urls are working fine but your api one is showing a certificate error.

Are you using docker or standard install?


@al3xOA commented on GitHub (Dec 10, 2021):

I'm using a traditional install on ESXi, fresh Ubuntu LTS. I'm thinking of possibly pointing the default Let's Encrypt certs to the Cloudflare wildcard certs provided by Cloudflare. I plan on uploading them to a certs folder as recommended by one of the troubleshooting pages on rmm to see if that's the issue.

Attached is the NATS service status error I'm seeing:
Dec 10 17:54:00 rmm nats-server[5521]: [5521] 2021/12/10 17:54:00.526011 [ERR] "redacted but personal ip":62762 - cid:5 - TLS handshake error: EOF


@dinger1986 commented on GitHub (Dec 10, 2021):

Yes, put them on the machine and that should solve the issue; there's a guide for using your own certs.


@dinger1986 commented on GitHub (Dec 11, 2021):

Can we close this now?


@al3xOA commented on GitHub (Dec 11, 2021):

Actually, after setting up the custom certs location and moving the Cloudflare public and private keys to the custom locations, I still get the error. One final thing I was thinking is the original letsencrypt fullchain.pem has 3 certificates embedded as it should. My /certs/x.domain.com/fullchain.pem has the public key only. Could this be an issue?


@dinger1986 commented on GitHub (Dec 11, 2021):

Could just use Cloudflare without proxy and DNS only for all domains and would work fine.

Suggest you discuss on #unsupported on our discord channel.

Closing on here as unsupported config.
