Adding Additional CA Certificates

If a connector hosted within your Lumos On-Premise Agent needs to connect via HTTPS to a service that utilizes internal or self signed certificates, you may need to add additional certificate files for the Agent and Connectors to use.

Windows

When the Lumos On Premise Agent is running on Windows Server, it will utilize the operating system's Certificate Store. In order to add an additional certificate for the Agent to use. To import a new certificate, follow these steps

1. Double-click the .crt file you wish to install
2. Click “Install Certificate…”
3. In the wizard:
   • Choose “Local Machine” • Click Next • You may be prompted for admin privileges — click Yes
4. Select:
   • “Place all certificates in the following store” • Click Browse and choose: Trusted Root Certification Authorities
5. Click Next, then Finish
6. You should see a message:
   “The import was successful”

Docker

In order to add additional certificates to the Docker based On-Premise Agent, you need to mount a volume containing the certificates to the file location /onprem/additional_certs. Each certificate should be in PEM format and the files should have the extension .crt or the import process will not work correctly. How this volume is mounted will depend on your deployment process.

An example of a command to run the Lumos On-Premise Agent through docker with additional certificates (This assumes there is a local directory called additional_certs containing the certificate files)

docker run -e LUMOS_ON_PREMISE_AGENT_API_KEY={your_api_key} -v ./additional_certs:/onprem/additional_certs public.ecr.aws/g3l5j2q0/lumos/on-premise-agent:latest