Page 3 of 5
Re: Need help configuring SSL with Nagios XI
Posted: Tue May 22, 2012 12:56 pm
by scottwilkerson
for whatever reason your key/crt aren't matching you should lcreate them again after removing the ones that are there
Code: Select all
rm -f /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key /etc/pki/tls/private/ca.csr
rm -f ca.crt ca.key ca.csr
then
Code: Select all
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
Finally try to restart httpd
Re: Need help configuring SSL with Nagios XI
Posted: Tue May 22, 2012 2:20 pm
by tgfde
Ok httpd restarted ok.
But I think I continue on to the instruction and proceed with the following steps and restart httpd, httpd will not restart. Should I proceed with this?
Now that we have our key we have to tell httpd where to look for it. In your /etc/httpd/conf.d/ssl.conf , find the
SSLCertificateFile line and change these values:
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Re: Need help configuring SSL with Nagios XI
Posted: Tue May 22, 2012 2:37 pm
by scottwilkerson
Yes, it should work fine
Re: Need help configuring SSL with Nagios XI
Posted: Wed May 23, 2012 4:07 pm
by tgfde
Thanks everyone, I finally got SSL configured.
However, I need to disable non-SSL access. How do I do this?
Thanks.
Re: Need help configuring SSL with Nagios XI
Posted: Wed May 23, 2012 7:43 pm
by scottwilkerson
Once SSL is working you should be able to remove the following from your nagiosxi.conf
Code: Select all
#NameVirtualHost *:443
<VirtualHost *:80> # Add this line
<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory> # Add this line
</VirtualHost>
and then restart apache
Re: Need help configuring SSL with Nagios XI
Posted: Thu May 24, 2012 9:08 am
by tgfde
Hello,
I commented out the non_ssl portion on the nagiosxi.conf but still able to access nagios via http. Please see below.
###<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
## Options None
## AllowOverride None
## Order allow,deny
## Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
###</Directory>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
</Directory>
</VirtualHost>
Alias /nagiosxi "/usr/local/nagiosxi/html"
Re: Need help configuring SSL with Nagios XI
Posted: Thu May 24, 2012 9:14 am
by scottwilkerson
Do you mean you can still access Nagios XI? ie, http://<SERVERNAME>/nagiosxi/
or do you mean the nagios core interface? ie, http://<SERVERNAME>/nagios/
Re: Need help configuring SSL with Nagios XI
Posted: Thu May 24, 2012 10:32 am
by tgfde
Sorry for the confusion. I meant to say this, http://<SERVERNAME>/nagiosxi/.
Thanks.
Re: Need help configuring SSL with Nagios XI
Posted: Thu May 24, 2012 1:18 pm
by scottwilkerson
Re: Need help configuring SSL with Nagios XI
Posted: Thu May 24, 2012 1:24 pm
by tgfde
Yes, I did. I even clreared my browser cache and was still able to access nagiosxi via http.