[NCPA/NRDP] passive WARNING SSL verification failed, retrying without verification

[franck.hg]

Hello There,

I'm deploying passive check strategy thanks to NRDP/NCPA feature.

As instructed in the doc , I set "parent = https://my_nagiosxi_server_fqdn_hostname/nrdp/" in [nrdp] section.

We have an internal PKI in our network and I already updated system-wide CA store with update-ca-trust with our private CA chain components.

Looking at /usr/local/ncpa/var/log/ncpa_passive.log, I notice numerous (each passive result uploads in fact ):

Code: Select all

2026-01-30 03:31:30,443 passive WARNING SSL verification failed, retrying without verification: HTTPSConnectionPool(host='my_nagiosxi_server_fqdn_hostname', port=443): Max retries exceeded with url: /nrdp/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1016)')))

Although one can read "self signed certificate in certificate chain ", I must mention that our nagiosxi server certificate is not a selfsigned one; it has been signed with our internal PKI, as proven by verification on all browsers.

So how can I solve this situation which is obviously not an issue but...

nagiosxi: 2024R1.4.1
ncpa: 3.2.3 running on RHEL 10.1


Best regards

Franck

[cdietsch]

Hi Franck,

Unfortunately at the moment NCPA does not use the system CA store, it uses it's own internal CA bundle. Having it use the system, or at least making it user configurable is something that we would like to have implemented soon.