Can't install the agent on my production linux systems

[siilitman]

I did a test LXC install (4.43.1) on my dev proxmox setup and it's running ok plus i've installed agents but pulse is using http://ipaddress:port for the connection.

I've gone and installed on the production proxmox using LXC (v4.36.0) and setup with https://dns-name:port with a certificate from our internal PKI as this will be internal facing.

When I generate a token and try use the linux script on a linux machine, I'm hitting

curl: (60) SSL certificate problem: unable to get local issuer certificate

I've tried adding -k, --insecure and --certpath /path/to/ca/cert.pem but I'm getting no where with this.

Is there another way of getting this agent onto the Linux systems that gets around curl being obstinate?

[rcourtman]

The error is happening because curl does not trust your internal CA. There are two approaches:

Option 1: Skip certificate verification (quick fix)

Add -k to the initial curl command and --insecure to the script arguments:

curl -fsSLk https://your-pulse:port/install.sh | sudo bash -s -- --url https://your-pulse:port --token <token> --insecure

The -k flag tells curl to skip TLS verification when downloading the install script. The --insecure flag tells the installed agent to skip TLS verification when connecting to Pulse.

Option 2: Add your CA to the system trust store (recommended)

On the target Linux systems, add your internal CA certificate:

# Copy your CA cert to the trust store
sudo cp /path/to/your-ca.crt /usr/local/share/ca-certificates/

# Update the certificate store
sudo update-ca-certificates

Then run the normal install command—curl will trust your internal Pulse server automatically.

Option 2 is more secure since it avoids disabling certificate verification entirely. The exact path and command may vary by distro (on RHEL/CentOS it is trust anchor or placing certs in /etc/pki/ca-trust/source/anchors/).

[siilitman]

Thank you, that's what I was missing.... update-ca-certificates