NagiosXI certificate expired.
I found this document for "How to configure SSL/TLS" - https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Since the certificate is expired, do I need to follow the complete steps in the document or there any other instructions in case of expiry?
Thank You,
Sampath
NagiosXI Certificate Expired
Re: NagiosXI Certificate Expired
If you still have the old csr available you should be able to get away with just getting is signed again(you can increase the expiration time too). If it's a self signed cert this should do the trick:
openssl x509 -req -days 365 -in nagiosxi.csr -signkey nagiosxi.key -out nagiosxi.crt
Once you have the updated cert, just replace the current one a /usr/local/nagiosxi/var/certs/nagiosxi.crt
openssl x509 -req -days 365 -in nagiosxi.csr -signkey nagiosxi.key -out nagiosxi.crt
Once you have the updated cert, just replace the current one a /usr/local/nagiosxi/var/certs/nagiosxi.crt
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
Sampath.Basireddy
- Posts: 252
- Joined: Wed Dec 14, 2016 12:30 pm
Re: NagiosXI Certificate Expired
It is not a self-signed certificate.
Am checking in "/usr/local/nagiosxi/var/certs/" and the folder is empty.
So I checked the file "/etc/httpd/conf.d/ssl.conf" and found below details about Server Certificate & Server Private Key:
Does this mean Nagios is using certificate "/etc/pki/tls/certs/ca.crt"
Am checking in "/usr/local/nagiosxi/var/certs/" and the folder is empty.
So I checked the file "/etc/httpd/conf.d/ssl.conf" and found below details about Server Certificate & Server Private Key:
Code: Select all
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/ca.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/ca.keyRe: NagiosXI Certificate Expired
You will need at least the new certificate and key, if the certificate is issued from a different CA, you will need to make sure that you use that new CA's certificate in your apache configs as well.
SSLCertificateFile /usr/local/nagiosxi/var/certs/nagiosxi.crt <- This is the new cert without the private key
SSLCertificateKeyFile /usr/local/nagiosxi/var/certs/nagiosxi.key <- This is the new cert's private key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt <- Put your entire CA chain in here one on top of the other like this:
Example, ROOT CA with subordinate issuing CA:
SSLCertificateFile /usr/local/nagiosxi/var/certs/nagiosxi.crt <- This is the new cert without the private key
SSLCertificateKeyFile /usr/local/nagiosxi/var/certs/nagiosxi.key <- This is the new cert's private key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt <- Put your entire CA chain in here one on top of the other like this:
Example, ROOT CA with subordinate issuing CA:
Code: Select all
-----BEGIN CERTIFICATE-----
Root CA cert here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Subordinate CA cert here
-----END CERTIFICATE------
Sampath.Basireddy
- Posts: 252
- Joined: Wed Dec 14, 2016 12:30 pm
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: NagiosXI Certificate Expired
Great!
Locking thread