The Log Insight Agents reject the self-signed certificate.

The Log Insight Agents reject the self-signed certificate and cannot establish a connection with the server.


If you experience connection problems with the Agent, you can check the detailed logs by changing the debug level for the vRealize Log Insight Agent to 1. See Define Log Details Level in the Log Insight Agents.

Each rejection message in the vRealize Log Insight Agent log has a specific cause.

Message: Rejecting peer self-signed certificate. Public key doesn't match previously stored certificate's key.

Cause: This might happen when the Log Insight Server certificate is replaced.

Message: Rejecting peer self-signed certificate. Have a previously received certificate which is signed by trusted CA.

Cause: A CA-signed certificate is stored on the Agent side.

Verify whether your target host name is a trusted vRealize Log Insight instance, and then manually delete the previous certificate from the vRealize Log Insight Agent cert directory.

For Log Insight Windows Agent, go to C:\ProgramData\VMware\Log Insight Agent\cert.

For Log Insight Linux Agent, go to /var/lib/loginsight-agent/cert.
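
One way to carry out the verification step before deleting the stored certificate, as an added example that is not VMware code: it finds the two rejection messages in agent log lines and compares the certificate the server presents now with a SHA-256 fingerprint obtained out of band from the server administrator. The function names, the sample log lines and port 9543 are assumptions, and the comparison is over the whole certificate rather than the public-key check the Agent itself performs.

```python
import hashlib
import hmac
import ssl

# The two rejection messages quoted on this page, mapped to the cause it gives.
REJECTIONS = {
    "Public key doesn't match previously stored certificate's key":
        "server certificate was replaced",
    "Have a previously received certificate which is signed by trusted CA":
        "a CA-signed certificate is stored on the Agent side",
}

# Constructed sample lines; the real agent log prefix format is not shown here.
SAMPLE_LOG = [
    "2024-01-01 10:00:00 Rejecting peer self-signed certificate. "
    "Public key doesn't match previously stored certificate's key.",
    "2024-01-01 10:00:05 Connection established.",
]

def triage(log_lines):
    """Return the causes of any rejection messages found in agent log lines."""
    causes = set()
    for line in log_lines:
        if "Rejecting peer self-signed certificate" in line:
            causes.update(c for msg, c in REJECTIONS.items() if msg in line)
    return causes

def fingerprint(pem):
    """SHA-256 over the DER encoding of a PEM certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def is_expected(pem, expected):
    """Compare with a fingerprint obtained out of band; colons and case ignored."""
    wanted = expected.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(pem), wanted)

def server_is_trusted(host, expected, port=9543):
    """Fetch the certificate the server presents now (no chain validation)
    and compare it with the expected fingerprint.
    Port 9543 is an assumption; pass the SSL port your agents connect to."""
    pem = ssl.get_server_certificate((host, port))
    return is_expected(pem, expected)
```

Delete the stored certificate only when `server_is_trusted` returns True for the host name configured in the Agent; a mismatch means the endpoint is not presenting the certificate the administrator expects.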


Some platforms might use nonstandard paths for storing trusted certificates. The Log Insight Agents have an option to configure the path to the trusted certificates store by setting the ssl_ca_path=<fullpath> configuration parameter. Replace <fullpath> with the path to the trusted root certificates bundle file. See Configure the Log Insight Agents SSL Parameters.