SSL Certificate issue

[henryg]

We have an internal CA that issues our certs. When I go through the steps of creating a SSL Cert from http://assets.nagios.com/downloads/nagi ... s%20XI.pdf, I am able to apply the cert, but I am getting an error message that states "This certificate was signed by an unknown authority." The Issued by is correct though. Anyone have an idea what might be causing this type of error? Thanks for any help.

[scottwilkerson]

Are you using the Cert issued by your internal CA, or did you create one using the steps in the doc you referenced?

[henryg]

I am using the Cert issued by my internal CA.

[jdalrymple]

The problem you're experiencing could be caused by a great many things. If you followed that documentation exactly you will have ended up with a self-signed cert from the Nagios server. If however at the point of performing

Code: Select all

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

you broke away and signed on your Internal CA then copied the cert back you should have been fine. It sounds like all of the steps following the signing went well, if you didn't successfully install the certificate httpd wouldn't start and listen using https.

Can you verify that other certificates issued by the same CA are trusted on the same computer using the same browser? Also, is your internal CA a root CA or is it an intermediate CA? If it is an intermediate you will need to create a certificate bundle to install.

[abrist]

What is the output of:

Code: Select all

openssl s_client -connect localhost:443 -CApath /etc/ssl

You may want to PM it as it could contain private info.