Prisma Cloud Compute: How to resolve "failed executing twistcli" error while scanning AWS AMI Images in Prisma Cloud

Created On 01/28/24 23:42 PM - Last Modified 03/14/25 21:46 PM


Symptom


  • You are setting up VM image scanning for AWS and you encounter this error:
"Failed executing twistcli: Get "<self-hosted console URL>:<port>/api/v<version>/authenticate/identity-redirect-url?type=prismaCloud": tls: failed to verify certificate: x509: certificate signed by unknown authority"
  • You have a load balancer with a custom certificate configured in between.



Environment


  • Prisma Cloud Enterprise Edition
  • Prisma Cloud Compute Edition
  • AWS
  • AMI Image Scanning


Cause


  • This can happen when you have configured a custom certificate on your load balancer and that certificate has not been added to your console.
  • The back-end logic checks whether a custom cert is configured on the console. If there is one, it uses that; otherwise it pulls the default self-signed cert.
  • If your custom cert is configured only on the load balancer and not on the console, Twistlock's default self-signed cert is pulled while scanning, the load balancer rejects it, and you get this error.


Resolution


There are two possible solutions:

1) Add your custom cert in the console under Manage->Authentication->System Certificates.
2) Or, instead of using a custom self-signed certificate on the load balancer, use Twistlock's default self-signed certificate.
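
The x509 text in the Symptom is the error a Go TLS client returns when the certificate presented to it does not chain to anything in its trust pool. The following added example (not Palo Alto Networks or twistcli code) reproduces that error against a constructed local test server standing in for the load balancer, then repeats the request after the server's certificate has been added to the trust pool; the names `probe` and `demo` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe sends an HTTPS GET to url while trusting only the certificates in
// roots. It returns the request error (including TLS verification failures).
func probe(url string, roots *x509.CertPool) error {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig:   &tls.Config{RootCAs: roots},
		DisableKeepAlives: true,
	}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// demo starts a constructed loopback TLS server (a stand-in for the load
// balancer with its own certificate) and probes it with two trust pools:
// one that lacks the server's certificate and one that contains it.
func demo() (withoutCert, withCert error) {
	lb := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer lb.Close()

	missing := x509.NewCertPool() // trust pool without the server's cert
	fixed := x509.NewCertPool()   // trust pool after the cert is added
	fixed.AddCert(lb.Certificate())
	return probe(lb.URL, missing), probe(lb.URL, fixed)
}

func main() {
	before, after := demo()
	fmt.Println("cert not trusted:", before)
	fmt.Println("cert trusted:    ", after)
}
```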

 


