NCPA and SSL Cert

krobertson71
Posts: 444
Joined: Tue Feb 11, 2014 10:16 pm

NCPA and SSL Cert

Post by krobertson71 »

I have been getting some questions/concerns about the certificate used for the NCPA agent.

I looked through on GitHub and it looks like the agent creates its own self-signed certificate.

We have our own certificates we like to use with stronger ciphers. Is it possible to use our own certificate?

Reason I ask is because this was brought to my attention on the 1.7 Configuration page.

Code:

certificate
    EXPERIMENTAL. Allows you to specify the file name for the SSL certificate you wish to use with the NCPA server. If left adhoc, a new self-signed certificate will be generated and used for the server.

I also noticed this in the certificate.py code:

Code:

    import os
    import OpenSSL.crypto

    def create_self_signed_cert(cert_dir, cert_file, key_file):
        target_cert = os.path.join(cert_dir, cert_file)
        target_key = os.path.join(cert_dir, key_file)
        # only generate when the certificate or the key file is missing
        if not os.path.exists(target_cert) or not os.path.exists(target_key):
            # create a key pair
            k = OpenSSL.crypto.PKey()
            k.generate_key(OpenSSL.crypto.TYPE_RSA, 1024)

I could be wrong, probably am, but it looks like it looks for a cert, and if none is found, generates its own keypair?
So my question really is, does the agent support using other certs instead of its own generated one? The Experimental tag is of concern.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: NCPA and SSL Cert

Post by sreinhardt »

SSL and cert usage in general was added with about 1.7.0. It "SHOULD" work with external certs as you found, with the certificate config directive. I know Nick and I both tested it when he was originally putting it out, and had no issues with changing from a self assigned cert. I believe Nick was just being a bit protective there, experimental probably should be changed to *new feature* or something to better indicate that it works in our testing, just has not had extensive external testing.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
krobertson71
Posts: 444
Joined: Tue Feb 11, 2014 10:16 pm

Re: NCPA and SSL Cert

Post by krobertson71 »

Well consider me your external tester.

Will be testing this sometime this week, latest will be early next week.

Will report back to this thread with results.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: NCPA and SSL Cert

Post by sreinhardt »

Thanks, external testers are awesome! If you have any questions or issues, let me know!
krobertson71
Posts: 444
Joined: Tue Feb 11, 2014 10:16 pm

Re: NCPA and SSL Cert

Post by krobertson71 »

Just for verification. Do I provide the path or do I just place our cert in /usr/local/ncpa and specify the name in place of adhoc, ex: Change adhoc to company.crt?
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: NCPA and SSL Cert

Post by abrist »

Provide a path and filename in the config. adhoc is only used if you want ncpa to generate a cert.
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
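
Added example, not part of the thread or of the NCPA code base: a small audit of the certificate directive discussed above, reporting whether an agent config still uses adhoc (self-signed), names a bare file instead of a path, or points at a file that does not exist. The [listener] section name, the sample config text and the function name are assumptions made for illustration.

```python
import configparser
import os

# Constructed sample config; the section name is an assumption,
# only the "certificate" directive and the "adhoc" value come from the thread.
SAMPLE_CFG = """
[listener]
certificate = adhoc
"""


def audit_certificate_directive(cfg_text, exists=os.path.isfile):
    """Classify the 'certificate' directive found in NCPA config text.

    Returns (status, detail) where status is one of:
      missing      no certificate directive in any section
      self-signed  value is 'adhoc', the agent generates its own cert
      relative     bare file name or relative path, not a full path
      not-found    absolute path given, but no such file
      custom       absolute path to an existing file
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)

    # Look in every section so the check does not depend on the section name.
    found = [(s, parser.get(s, "certificate").strip())
             for s in parser.sections()
             if parser.has_option(s, "certificate")]
    if not found:
        return ("missing", "no certificate directive present")

    section, value = found[0]
    if value.lower() == "adhoc":
        return ("self-signed", "[%s] agent will generate its own certificate" % section)
    if not os.path.isabs(value):
        return ("relative", "[%s] '%s' is not a full path and filename" % (section, value))
    if not exists(value):
        return ("not-found", "[%s] '%s' does not exist" % (section, value))
    return ("custom", "[%s] using '%s'" % (section, value))


if __name__ == "__main__":
    # Report on the constructed sample; pass real config text to audit an agent.
    print(audit_certificate_directive(SAMPLE_CFG))
```
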