Title

Certificate revocation issues while using the Flexera Kubernetes inventory agent

Certificate revocation issues can occur with the Flexera Kubernetes agent when applying a custom CA certificate bundle. When using a custom CA certificate bundle, a volume is mounted within the container at /var/opt/managesoft/etc/ssl. When the storage volume is a Secret or a ConfigMap, that volume is mounted as read-only. Because it's read-only, the write fails when the upload agent (ndupload) downloads revocation list files and attempts to write them to that volume.

You may see the following such errors in this situation:

Error 0xE0000002: No such file or directory 2
Error 0xE0500454: Failed to write local file /var/opt/managesoft/etc/ssl/ocsp/4f2f13d0.ocsp 3
Error 0xE0000002: No such file or directory 4
Error 0xE0500454: Failed to write local file /var/opt/managesoft/etc/ssl/crls/1f6380c7.r0 5
Error 0xE050057C: HTTPS certificate revocation status could not be determined

Solution

Create an INI file containing the following:
```
[ManageSoft\Common]
CheckCertificateRevocation=False
```
NOTE: You can use any file name (example: patch.ini).
Create a ConfigMap within the Flexera namespace to store the patch files using the following command:
```
kubectl create configmap krm-config --namespace flexera --from-file=patch.ini
```

Within the YAML file, add the ConfigMap within the spec.monitor.configPatch. For example:

apiVersion: agents.flexera.com/v1
kind: KRM
spec:
  monitor:
    configPatch:
      name: krm-config

After you redeploy the updated YAML file or instantiate the monitor pod, it should be able to read the INI file you created. Check the logs to validate that the INI file was read using the following command:
```
kubectl exec -n flexera krm-instance-monitor-0 -- cat /var/opt/managesoft/log/uploader.log
```

For more details, see Patching config.ini through Flexera Kubernetes Inventory Agent.

Was this helpful?

Support Hub

Product

FlexNet Manager Suite

Deployment type

On-premises

Visibility

Guest

URL Name

certificate-revocation-issues-while-using-the-flexera-kubernetes-inventory-agent

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.

Solution

Related Articles

Please wait...

Case id: 00001065