Core config error

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
jtata
Posts: 47
Joined: Thu Sep 02, 2010 12:27 pm

Core config error

Post by jtata »

When trying to update the config using CCM, I am getting the error "Backend login to the Core Config Manager failed". I followed the instructions in http://support.nagios.com/wiki/index.ph ... n_Problems and it looks like the issue is due to the certificate. The output of reconfigure_nagios.sh has the following:

Code:

WARNING: cannot verify localhost's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
  Unable to locally verify the issuer's authority.
WARNING: certificate common name `host.mydomain.com' doesn't match requested host name `localhost'.

I recently had to replace the self-signed certificate with one from DigiCert because Nessus was flagging the self-signed one as a vulnerability. Is there a way to modify the script to call the FQDN rather than localhost?
mguthrie
Posts: 4380
Joined: Mon Jun 14, 2010 10:21 am

Re: Core config error

Post by mguthrie »

Unfortunately there are a few backend and subsystem calls that are hard-coded for localhost, and for performance reasons we have to keep it that way. I'm wondering if it would work to generate a self-signed certificate for localhost, and have that file included in the ssl.conf. I'm not an expert on SSL certificates by any means, but I'll bounce this off of some of our other team members and see what they think.
jtata
Posts: 47
Joined: Thu Sep 02, 2010 12:27 pm

Re: Core config error

Post by jtata »

I was able to get around this by turning off forced SSL, but that is hardly ideal. This is really something that should be addressed, as SSL-only and third-party trusted certs are common requirements for many security policies and standards.
mguthrie
Posts: 4380
Joined: Mon Jun 14, 2010 10:21 am

Re: Core config error

Post by mguthrie »

I agree, but as I mentioned before I believe this is a certificate issue, not a software bug. Here's a tutorial I found for setting up a self-signed certificate for localhost alongside of a CA-signed certificate.
http://www.phpmag.ru/2009/08/12/how-to- ... rtificate/
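The name mismatch in the wget warning, and the localhost certificate suggested in the replies, as an added example that is not part of the thread or of Nagios XI's own scripts. The helper names (make_cert, cert_matches) and generated file names are constructed for illustration; host.mydomain.com is the name from the warning above, and its certificate here is a self-signed stand-in for the DigiCert-issued one.

```shell
#!/bin/sh
# Added example: generate a certificate per name and check which
# host names each one is valid for.

# make_cert NAME DIR: write DIR/NAME.key and DIR/NAME.crt, a self-signed
# certificate whose subjectAltName covers NAME (plus 127.0.0.1 for localhost).
make_cert() {
    name=$1; dir=$2
    san="DNS:$name"
    if [ "$name" = "localhost" ]; then san="$san, IP:127.0.0.1"; fi
    # Minimal request config, so the result does not depend on the
    # system-wide openssl.cnf.
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $name
[ext]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# cert_matches CERT HOST: succeed only if CERT is valid for HOST.
# "openssl x509 -checkhost" reports the result as text, so grep for it.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# report CERT HOST: print one line describing the check result.
report() {
    if cert_matches "$1" "$2"; then echo "$2: matches $(basename "$1")"
    else echo "$2: does NOT match $(basename "$1")"; fi
}

demo() {
    dir=$(mktemp -d)
    make_cert host.mydomain.com "$dir"   # stand-in for the CA-signed cert
    make_cert localhost "$dir"           # the cert suggested in the thread
    report "$dir/host.mydomain.com.crt" localhost   # the wget warning case
    report "$dir/localhost.crt" localhost
    rm -rf "$dir"
}
demo
```

In Apache, the localhost pair would be referenced by SSLCertificateFile and SSLCertificateKeyFile in a virtual host for localhost, next to the one serving the CA-signed certificate. A client calling https://localhost would still need to be told to trust the self-signed certificate (for wget, via --ca-certificate).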