GitHub user d-chatterjee60 added a comment to the discussion: 4.22.1.0 KVM — agent SSL handshake fails, cert-import leaves agent self-signed
@weizhouapache and @TheKunalSen Thanks for your suggestions and for taking the time to help. I tried setting `ca.plugin.root.auth.strictness=false` and also using **Provision host security keys**, but in my case the root cause turned out to be unrelated to the CA plugin. The actual issue was an **MTU mismatch** between the management server and the KVM host network. Because of the MTU problem, the TLS handshake packets were not being transmitted correctly, which caused the `NEED_UNWRAP` timeout during the SSL handshake. After correcting the MTU configuration and ensuring both sides used the same MTU, the agent successfully received the management-signed certificate and the host was added without any issues. Thanks again for your help—I really appreciate it. Hopefully this information will also help anyone else who encounters the same symptoms. GitHub link: https://github.com/apache/cloudstack/discussions/13572#discussioncomment-17602196 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
