Re: NRDP: Could not connect to NRDP server
Posted: Tue Jun 01, 2021 10:10 am
by gsmith
hi,
Yeah for sure.
You showed the output from 2 commands but there were 2 more in-between. Should be:
1.
Code: Select all
openssl s_client -showcerts -servername server -connect server:443 > cacert.pem
2.
Code: Select all
openssl x509 -outform der -in cacert.pem -out cacert.crt
3. one of these or equivalent for your OS:
Code: Select all
sudo cp cacert.crt /usr/local/share/ca-certificates   # this location for Ubuntu 16
- OR -
sudo cp cacert.crt /etc/pki/ca-trust/source/anchors   # this location for a CentOS machine
4.
Could you try that please?
Thanks
Re: NRDP: Could not connect to NRDP server
Posted: Wed Jun 02, 2021 12:41 am
by shifty
Hi
here are all commands:
Code: Select all
root@logserverdomain:/tmp# openssl s_client -showcerts -servername nagioscoredomain.net -connect nagioscoredomain.net:443 > cacert.pem
depth=2 C = DE, ST = XXXXXXX, L = XXXXXXXX, O = XXXXXXXXXXXXx, CN = XXXXXXXX Root CA
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = DE, ST = XXXXXXXXXXXx, L = XXXXXXXXXx, O = XXXXXXXXXXXXXX, CN = XXXXXXXX Root CA
verify return:1
depth=1 C = DE, ST = XXXXXXXXXXXx, L = XXXXXXXXXXX, O = XXXXXXXXXx, CN = XXXXXXX Intermediate CA1
verify return:1
depth=0 C = DE, ST = XXXXXXXXX, L = XXXXXXXXXXXx, O = XXXXXXXXXXXXx, CN = nagioscoredomain.net
verify return:1
Code: Select all
root@logserverdomain:/tmp# openssl x509 -outform der -in cacert.pem -out cacert.crt
No output, just created the cacert.crt
Code: Select all
vi cacert.crt
Code: Select all
sudo cp cacert.crt /usr/local/share/ca-certificates
No output, just moved the cacert.crt to the directory
Code: Select all
root@logserverdomain:/tmp# update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping RootCAChainIntermediate1.pem,it does not contain exactly one certificate or CRL
rehash: warning: skipping nagioscoredomain.pem,it does not contain exactly one certificate or CRL
rehash: warning: skipping cacert.pem,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:cacert.pem
done.
done.
Re: NRDP: Could not connect to NRDP server
Posted: Wed Jun 02, 2021 4:45 pm
by gsmith
Hi Shifty,
I didn't forget about you. I am getting an Ubuntu 20 log server set up to do
more research. Will let you know what I find out soon.
Thanks
Re: NRDP: Could not connect to NRDP server
Posted: Thu Jun 03, 2021 1:05 pm
by shifty
Hi Gsmith,
no stress, there is no rush

Re: NRDP: Could not connect to NRDP server
Posted: Thu Jun 03, 2021 3:53 pm
by gsmith
Awesome - thanks for letting me know

Re: NRDP: Could not connect to NRDP server
Posted: Thu Jun 10, 2021 11:59 am
by gsmith
hi,
Here's what you need to do:
On your core server you should have a cert for itself in /etc/ssl/certs/ like:
/etc/ssl/certs/selfsigned.crt
copy that file over to the logserver's /tmp directory.
NOTE: You may have to temporarily open up the permissions on /etc/ssl/certs/selfsigned.crt (on the core server) in order to get a copy of it
on the logserver:
Code: Select all
sudo cp /tmp/selfsigned.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates --verbose
to test - on the logserver:
If that works you will be able to add the coreserver as an NRDP server on the log server
Thanks
Re: NRDP: Could not connect to NRDP server
Posted: Mon Jun 14, 2021 1:04 am
by shifty
Hi gsmith,
thanks for your answer. On my nagioscore-Server in "/etc/ssl/certs/" there are
Code: Select all
-rw-r--r-- 1 root root 932 Jun 14 10:21 nagioscoredomain.pem
-rw-r--r-- 1 root root 1,8K Jun 14 10:21 RootCAChainIntermediate1.pem
We have our own CA. Should I use the "nagioscoredomain.pem"?
Re: NRDP: Could not connect to NRDP server
Posted: Mon Jun 14, 2021 9:12 am
by gsmith
Yes, give that a try.
Thanks
Re: NRDP: Could not connect to NRDP server
Posted: Tue Jun 15, 2021 1:25 am
by shifty
After copying the nagioscoredomain.pem into the directory /usr/local/share/ca-certificates, I executed the command
sudo update-ca-certificates --verbose.
Code: Select all
root@logserverdomain:/usr/local/share/ca-certificates# ls
nagioscoredomain.pem
Here's the output:
Code: Select all
root@logserverdomain:/tmp# update-ca-certificates --verbose
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done.
Code: Select all
root@logserverdomain:/tmp# curl https://nagioscoredomain.xxxxxxxxxxx.net
Code: Select all
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
Modified from the Debian original for Ubuntu
Last updated: 2014-03-19
See: https://launchpad.net/bugs/1288690
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache2 Ubuntu Default Page: It works</title>
</head>
</html>
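
Added example, not part of any post in this thread: a structural pre-check for the three conditions seen in the posts above, namely the DER-encoded cacert.crt, the rehash warning "does not contain exactly one certificate or CRL", and a file not named *.crt, which update-ca-certificates ignores ("0 added"). It assumes update-ca-certificates only accepts single-certificate PEM files named *.crt under /usr/local/share/ca-certificates; the function names check_anchor and make_samples and all sample file contents are constructed for illustration, and no signature or chain validation is done.

```shell
#!/bin/sh
# Added example, not from the thread. Structural pre-check for a file that is
# about to be copied into /usr/local/share/ca-certificates.

# check_anchor FILE: prints one verdict; returns 0 only for "ok".
check_anchor() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # Count PEM certificate blocks (grep exits 1 on zero matches, hence || true).
    n=$(LC_ALL=C grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    if [ "$n" -eq 0 ]; then
        # No PEM armor: a DER certificate begins with ASN.1 SEQUENCE, byte 0x30.
        first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
        if [ "$first" = "30" ]; then echo "der-not-pem"; else echo "no-certificate"; fi
        return 1
    fi
    # rehash skips files that hold a whole chain instead of one certificate.
    [ "$n" -eq 1 ] || { echo "multiple-certificates"; return 1; }
    # update-ca-certificates only picks up local files named *.crt.
    case $f in
        *.crt) echo "ok" ;;
        *)     echo "wrong-extension"; return 1 ;;
    esac
}

# make_samples DIR: constructed placeholder files (armor only, not real certs).
make_samples() {
    pem() { printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'; }
    printf '\060\202\002\203' > "$1/cacert.crt"   # DER header bytes only
    { pem; pem; } > "$1/chain.crt"                # two certificates in one file
    pem > "$1/server.pem"                         # one certificate, wrong file name
    pem > "$1/server.crt"                         # one certificate, accepted name
}

d=$(mktemp -d)
make_samples "$d"
for f in cacert.crt chain.crt server.pem server.crt; do
    printf '%-12s %s\n' "$f" "$(check_anchor "$d/$f" || true)"
done
rm -rf "$d"
```

A chain file reported as multiple-certificates can be split into one file per certificate before it is installed; a der-not-pem file needs converting to PEM first.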
Re: NRDP: Could not connect to NRDP server
Posted: Tue Jun 15, 2021 9:04 am
by gsmith
Great!
You should be able to add the core server as an NRDP server on the log server machine.
Let me know how it goes.
Thanks