SSL Cert Issue

[astroplay]

I've created and followed the steps listed in https://assets.nagios.com/downloads/nag ... s%20XI.pdf but I'm still seeing the WE Cert 2 certificate on the site when browsing to it even though the instructions have been followed thoroughly and I can see that the cert file does indeed contain the cert details generated from the Internal Intermediate CA.
openssl s_client -connect localhost:443 -CApath /etc/ssl is also showing details of the CA/Cert but it's indicating that it can't get the certificate of the issuer.
Do I need to import the certificates of both the Intermediate and/or Root CAs to resolve the issue or am I doing something wrong?

[dchurch]

When using an intermediate CA, the intermediate CA's certificate should probably be specified when the server presents the certificate. Here's how you set that up:

Near where it says SSLCertificateFile in your Apache configs (/etc/httpd/conf.d/ssl.conf by default in CentOS), you'll want to add the line:

Code: Select all

SSLCertificateChainFile /usr/local/nagiosxi/var/certs/cert-chain.crt

In that file you'll want to put the PEM-encoded text of the intermediate CA certificates, one after the other, like this:

Code: Select all

-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIBADANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJVUzES
...
aDloMsDhUd10bLDB1w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIBADANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJVUzES
...
aDloMsDhUd10bLDB1w==
-----END CERTIFICATE-----

Then restart apache.