expired certificate

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
steph007
Posts: 177
Joined: Mon Jul 24, 2017 12:00 pm

expired certificate

Post by steph007 »

Hi,

I'm seeing this when accessing the console.
How can I fix the problem?

Websites prove their identity via certificates, which are valid for a set time period. The certificate for 10.254.208.41 expired on 1/16/2019.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
jbrunkow
Posts: 441
Joined: Fri Mar 13, 2020 10:45 am

Re: expired certificate

Post by jbrunkow »

That message is just saying that your certification is self-signed. Typically, certifications are signed by another certificate authority. But it is easier and a more self-contained solution to just have it be self-signed. Can you acknowledge the message and move on? If your server is behind a firewall, this may not be a high concern for your security team.

You could change the certificate authority, but I would probably have to know more about your system to advise on that... Do you know how HTTPS was configured on that server initially? What operating system is it running?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
steph007
Posts: 177
Joined: Mon Jul 24, 2017 12:00 pm

Re: expired certificate

Post by steph007 »

The fact that it is expired seems to cause some problems for an external script.
jbrunkow
Posts: 441
Joined: Fri Mar 13, 2020 10:45 am

Re: expired certificate

Post by jbrunkow »

Then you may just need to renew it. Do you know what was used to configure it in the first place?

If you are running Apache, the relevant configuration files are probably at the following locations.

Code:

cd /etc/apache2/sites-available
cat *.conf

Please post the relevant details from your server, redacting any information that could pose a security risk. Feel free to message (PM) me the specific address if it is public, and I would be happy to help test and investigate.

What script is it causing a problem with?
steph007
Posts: 177
Joined: Mon Jul 24, 2017 12:00 pm

Re: expired certificate

Post by steph007 »

Thanks for your answer.

We are using Apache, but there is no sign of your directory in /etc.
root@plgesmon02[/etc]# ls -ltr | grep -i apache
drwsrwsr-x 3 apache nagios 4096 Jan 16 2018 nagiosql
drwxrwxr-x 4 apache nagios 4096 Jan 16 2018 mrtg
drwxrwxr-x. 4 apache nagios 4096 Jan 16 2018 openldap

What is the name of the .conf file you want? I can search for it on the server.

The script used by the customer is a Perl script used on a Linux machine to push passive status to a service in Nagios.
jbrunkow
Posts: 441
Joined: Fri Mar 13, 2020 10:45 am

Re: expired certificate

Post by jbrunkow »

The SSL documentation we have specifies the following location for certificates.

Code:

cd /usr/local/nagiosxi/var/certs/ && ls

What do you see in that folder?

Sometimes the configuration file is named after the domain it is for. However, there is probably also a default configuration file in the same folder.

Code:

sudo find / -name '*default.conf'
steph007
Posts: 177
Joined: Mon Jul 24, 2017 12:00 pm

Re: expired certificate

Post by steph007 »

Nothing in that directory as you can see here:
root@plgesmon02[/usr/local/nagiosxi/var/certs]# ls -ltr
total 0
root@plgesmon02[/usr/local/nagiosxi/var/certs]#

And this is the result of the find:
root@plgesmon02[/usr/local/nagiosxi/var/certs]# find / -name *default.conf
/usr/share/alsa/pcm/default.conf
/usr/share/rear/conf/default.conf
jbrunkow
Posts: 441
Joined: Fri Mar 13, 2020 10:45 am

Re: expired certificate

Post by jbrunkow »

Are you using Red Hat or CentOS? If so, the configuration file may be in the following location instead.

Code:

/etc/httpd/conf.d/ssl.conf

You may want to just create another SSL certificate, and edit the configuration file accordingly. If you have openssl installed on that machine, you can do so by executing the following commands.

Navigate to the directory.

Code:

cd /usr/local/nagiosxi/var/certs

Create the key.

Code:

openssl genrsa -out nagiosxi.key 2048

Then create the configuration file.

Code:

openssl req -new -key nagiosxi.key -out nagiosxi.csr
openssl x509 -req -days 365 -in nagiosxi.csr -signkey nagiosxi.key -out nagiosxi.crt

Don't forget to grant it permissions.

Code:

chmod go-rwx nagiosxi.*

Some of these steps may be slightly different depending on how your system is configured. Please refer to the following linked documentation for more detailed instructions on how to properly create and edit these files.
SSL DOCUMENT
steph007
Posts: 177
Joined: Mon Jul 24, 2017 12:00 pm

Re: expired certificate

Post by steph007 »

Hi,

Sorry for the delay in answering. I was on vacation.

I'm using CentOS.

So the idea would be to generate a new certificate and change /etc/httpd/conf.d/ssl.conf to use it? I guess at this line?
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
jbrunkow
Posts: 441
Joined: Fri Mar 13, 2020 10:45 am

Re: expired certificate

Post by jbrunkow »

I think that you will probably have to generate a new key, change the configuration file, and permissions. I think it might be easiest just to follow our PDF document on the subject.
SSL CONFIGURATION DOCUMENT
Some of the steps may be slightly different depending on how your system is configured.
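
The renewal commands from this thread, made non-interactive and followed by a check to run before pointing `SSLCertificateFile` at the new file. This is an added example, not part of the thread or of the Nagios documentation; the function names, the output tokens, the `-subj` common name and the target directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. nagiosxi.* names follow the thread;
# the function names, output tokens and CN value are constructed.

# Print findings for a cert/key pair; return 0 only if nothing is wrong.
# usage: check_cert <crt> <key> [min_days_left]
check_cert() {
    local crt="$1" key="$2" days="${3:-30}" out="" rc=0
    # -checkend N exits non-zero if the cert expires within N seconds
    if openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
        out="expiry=ok"
    else
        out="expiry=within_${days}d"; rc=1
    fi
    # Equal subject and issuer hashes mean self-issued (the browser warning)
    if [ "$(openssl x509 -in "$crt" -noout -subject_hash)" = \
         "$(openssl x509 -in "$crt" -noout -issuer_hash)" ]; then
        out="$out issuer=self"
    else
        out="$out issuer=ca"
    fi
    # Public key in the cert must equal the one derived from the private key
    if [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        out="$out key=match"
    else
        out="$out key=MISMATCH"; rc=1
    fi
    # Key must carry no group/other bits (the chmod go-rwx step)
    if [ "$(ls -l "$key" | cut -c5-10)" = "------" ]; then
        out="$out perms=ok"
    else
        out="$out perms=too_open"; rc=1
    fi
    echo "$out"
    return "$rc"
}

# Non-interactive form of the thread's commands, run inside directory $1
make_selfsigned() {
    local dir="$1" cn="$2"
    ( cd "$dir" && umask 077 &&
      openssl genrsa -out nagiosxi.key 2048 2>/dev/null &&
      openssl req -new -key nagiosxi.key -subj "/CN=$cn" -out nagiosxi.csr &&
      openssl x509 -req -days 365 -in nagiosxi.csr -signkey nagiosxi.key \
          -out nagiosxi.crt 2>/dev/null )
}
```

Running `check_cert` against the certificate and key currently named in `ssl.conf` shows whether the problem is expiry, a mismatched key, or only the self-signed warning.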