[timestamp] [hostname] ncpa: urllib3/connectionpool.py:1103: InsecureRequestWarning: Unverified HTTPS request is being made to host '[nagios server hostname]'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
I have verified that the certificate is in the trusted CA store. Is there a resolution for this? I'm also wondering, does NCPA use the system CA certs by default?
[timestamp] [hostname] ncpa: urllib3/connectionpool.py:1103: InsecureRequestWarning: Unverified HTTPS request is being made to host '[nagios server hostname]'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
I have verified that the certificate is in the trusted CA store. Is there a resolution for this? I'm also wondering, does NCPA use the system CA certs by default?
I don't believe this has been addressed yet or a fix has been made yet. The resolution sounds like to enable certificate verification, however I'm not sure how in-depth of a process it is. The best place for an update would be on the github that you linked for the issue or the NCPA changelog https://github.com/NagiosEnterprises/nc ... HANGES.rst
I might be dreaming but I believe in the 2.x version of the agent there were directives under the [passive] section of ncpa.cfg for 'ssl_verify' which you could set to 1 to enable and 'certificate' which you could provide a path to your cert. I wonder if there is a different way of accomplishing this in the 3.1/3.x versions of the agent?
In NCPA 3, under the [listener] section, you can set the certificate= option to /path/to/your/certificate, /path/to/your/key to configure the certificate to be used by your NCPA.
Actively advancing awesome answers with ardent alliteration, aptly addressing all ambiguities. Amplify your acumen and avail our amicable assistance. Eagerly awaiting your astute assessments of our advice.
I also encountered the same warning with NCPA 3.x. As a temporary workaround, you can add verify=False to requests (if the environment allows security risks) or specify a specific CA cert path via the verify=/path/to/ca-bundle.crt parameter.grade calculator This is a known issue but not fixed in the official release.
Apart from configuring the certificate in ncpa.cfg, is there a way to temporarily disable this warning (recommended for test environments only) without affecting NCPA's HTTPS connection? For example, adding an environment variable or flag when starting the agent?time calculator
I also got a warning when using NCPA with a valid certificate. After checking, I found that NCPA may not be using the system CA certs. I added the certificate path to the NCPA configuration, which eliminated the warning. See the GitHub discussion for more!
This happens because NCPA currently does not use system CA certificates by default when sending Among Us Free passive check results—even if the server certificate is trusted system‑wide.
wneville wrote: ↑Mon Dec 02, 2024 8:51 am
I might be dreaming but I believe in the 2.x version of the agent there were directives under the [passive] section of ncpa.cfg for 'ssl_verify' which you could set to 1 to enable and 'certificate' which you could provide a path to your cert. I wonder if there is a different way of accomplishing this in the 3.1/3.x versions of the agent?
It looks like you remember correctly — in NCPA 2.xPips NYT you could explicitly set ssl_verify and certificate under [passive]. But in NCPA 3.x, the configuration structure has changed. The same effect is usually managed differently now, often under listener SSL settings instead of the old passive directives.