Hello everyone,
I inherited a NagiosXI system from a previous admin and overall the system is in excellent shape. I am exploring the possibility of migrating to the NCPA agent for our Windows Servers. We are currently using NSClient++ agents. The main reason for the possible change is to take advantage of stronger SSL ciphers. One item I have not figured out is how to use a signed SSL certificate instead of the self signed cert for the Web GUI. I had orginally planned to used a wildcard certificate for the NCPA agent. When I point to the .crt file in the ncpa.cfg file and restart the ncpa listener service I'm unable to access the Web GUI at https://localhost:5693. I am also unable to connect to the Web GUI. Are wildcard certificates supported and if so what is the correct way to enter the file path in the config file? I have tired the absolute path and relative path. As part of my troubleshooting I attempted to explicitly point to the self sign certs under C:\Program Files (x86)\Nagios\NCPA\var and encountered the same issue. I have attached the relevant portion of the ncpa.cfg. Any help would be appreciated. Thank you.
#
# SSL connection and certificate config (if an SSL option is not available on some older
# operating systems it will default back to TLSv1)
# ssl_version options: TLSv1, TLSv1_1, TLSv1_2
#
ssl_version = TLSv1_2
----------- The methods I tried ---- This line is not in the config file
certificate = etc/SignedCert.crt
certificate = C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.crt
NCPA SSL Certificate
-
kyang
Re: NCPA SSL Certificate
You will need to add the key next to your crt location. (Comma separate, and no space in between) absolute path.
Restart the ncpa_listener service and try accessing the Web GUI again.
Let me know if this helps!
Code: Select all
certificate = C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.crt,C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.keyLet me know if this helps!
-
IT-OPS-SYS
- Posts: 184
- Joined: Sun Jan 07, 2018 12:56 pm
Re: NCPA SSL Certificate
Hi Kyang,
Yes that did the trick. The documentation here https://www.nagios.org/ncpa/help.php#co ... -reference does not mention having to have the key specified in a comma separate list. Thank you for you help. This thread can be marked as solved.
Yes that did the trick. The documentation here https://www.nagios.org/ncpa/help.php#co ... -reference does not mention having to have the key specified in a comma separate list. Thank you for you help. This thread can be marked as solved.
kyang wrote:You will need to add the key next to your crt location. (Comma separate, and no space in between) absolute path.
Restart the ncpa_listener service and try accessing the Web GUI again.Code: Select all
certificate = C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.crt,C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.key
Let me know if this helps!
-
kyang
Re: NCPA SSL Certificate
Awesome!
I have mentioned the fix to the developer who maintains the documentation.
We will have that fixed!
If you have any more questions, feel free to create another thread.
Thanks for using the Nagios Support Forum!
I have mentioned the fix to the developer who maintains the documentation.
We will have that fixed!
If you have any more questions, feel free to create another thread.
Thanks for using the Nagios Support Forum!