Page 1 of 1
SSL Certificate issue
Posted: Wed Feb 18, 2015 1:28 pm
by henryg
We have an internal CA that issues our certs. When I go through the steps of creating a SSL Cert from
http://assets.nagios.com/downloads/nagi ... s%20XI.pdf, I am able to apply the cert, but I am getting an error message that states "This certificate was signed by an unknown authority." The Issued by is correct though. Anyone have an idea what might be causing this type of error? Thanks for any help.
Re: SSL Certificate issue
Posted: Wed Feb 18, 2015 1:49 pm
by scottwilkerson
Are you using the Cert issued by your internal CA, or did you create one using the steps in the doc you referenced?
Re: SSL Certificate issue
Posted: Wed Feb 18, 2015 3:18 pm
by henryg
I am using the Cert issued by my internal CA.
Re: SSL Certificate issue
Posted: Wed Feb 18, 2015 4:08 pm
by jdalrymple
The problem you're experiencing could be caused by a great many things. If you followed that documentation exactly you will have ended up with a self-signed cert from the Nagios server. If however at the point of performing
Code: Select all
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
you broke away and signed on your Internal CA then copied the cert back you should have been fine. It sounds like all of the steps following the signing went well, if you didn't successfully install the certificate httpd wouldn't start and listen using https.
Can you verify that other certificates issued by the same CA are trusted on the same computer using the same browser? Also, is your internal CA a root CA or is it an intermediate CA? If it is an intermediate you will need to create a certificate bundle to install.
Re: SSL Certificate issue
Posted: Wed Feb 18, 2015 4:09 pm
by abrist
What is the output of:
Code: Select all
openssl s_client -connect localhost:443 -CApath /etc/ssl
You may want to PM it as it could contain private info.