Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Configs not applying - waiting - and ssl error

https://support.nagios.com/forum/viewtopic.php?t=37195

Page 1 of 1

Configs not applying - waiting - and ssl error

Posted: Mon Feb 22, 2016 4:15 pm
by krobertson71
When we go to "Apply Configuration" we get stuck in the immortal spin of the "Waiting on configuration verification"...

I went through the steps of restarting httpd and then running the ./reconfigure_nagios.sh and we get the below error.

We did add our own SSL cert to Nagios and followed the instructions in how to configure SSL for XI.

Here is the error output from the ./reconfigure_nagios.sh. At this point we cannot make any changes.

Code: Select all

[nagios@nagiasp01 scripts]$ ./reconfigure_nagios.sh 
URL: http://localhost/nagiosxi/includes/components/ccm/
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies http://localhost/nagiosxi/includes/components/ccm/ --no-check-certificate --post-data 'submit=Login&hidelog=true&loginSubmitted=true&username=nagiosxi&password=n@gweb' -O nagiosql.login--2016-02-22 16:12:23--  http://localhost/nagiosxi/includes/components/ccm/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://localhost [following]
--2016-02-22 16:12:23--  https://localhost/
Connecting to localhost|::1|:443... connected.
WARNING: cannot verify localhost’s certificate, issued by “/O=DCRI Security Domain/OU=pki-ca/CN=Certificate Authority”:
  Unable to locally verify the issuer’s authority.
    WARNING: certificate common name “nagiasp01.dcri.duke.net” doesn't match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: 2999 (2.9K) [text/html]
Saving to: “nagiosql.login”

100%[===========================================================================>] 2,999       --.-K/s   in 0s      

2016-02-22 16:12:23 (144 MB/s) - “nagiosql.login” saved [2999/2999]

NAGIOSQL LOGIN FAILED!

Re: Configs not applying - waiting - and ssl error

Posted: Mon Feb 22, 2016 4:23 pm
by WillemDH
WARNING: certificate common name “nagiasp01.dcri.duke.net” doesn't match requested host name “localhost”


This should not be a problem. I made a support thread some time ago for this same error and this was 'normal'.
WARNING: cannot verify localhost’s certificate, issued by “/O=DCRI Security Domain/OU=pki-ca/CN=Certificate Authority”:
This could be the problem. If you created the cert by your own CA. Did you add the root CA to the local certificate store?
On Fedora since 19, RHEL / CentOS 7, and RHEL / CentOS 6 since this update, the Shared System Certificates feature is available. With that system, the correct method is to place the certificate to be trusted (in PEM format) in /etc/pki/ca-trust/source/anchors/ and run sudo update-ca-trust. (If the certificate is in OpenSSL’s extended BEGIN TRUSTED CERTIFICATE format, place it in /etc/pki/ca-trust/source). On RHEL 6, you have to activate the system with update-ca-trust enable after installing the update.
Hope it helps.

Willem

Re: Configs not applying - waiting - and ssl error

Posted: Mon Feb 22, 2016 5:10 pm
by krobertson71
This did not correct the issue. Still getting the same error: It looks like it is trying to use "Localhost" to perform it's actions versus the host name.

Code: Select all

 ./reconfigure_nagios.sh 
URL: http://localhost/nagiosxi/includes/components/ccm/
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies http://localhost/nagiosxi/includes/components/ccm/ --no-check-certificate --post-data 'submit=Login&hidelog=true&loginSubmitted=true&username=nagiosxi&password=n@gweb' -O nagiosql.login--2016-02-22 17:09:18--  http://localhost/nagiosxi/includes/components/ccm/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://localhost [following]
--2016-02-22 17:09:18--  https://localhost/
Connecting to localhost|::1|:443... connected.
WARNING: cannot verify localhost’s certificate, issued by “/O=DCRI Security Domain/OU=pki-ca/CN=Certificate Authority”:
  Unable to locally verify the issuer’s authority.
    WARNING: certificate common name “nagiasp01.dcri.duke.net” doesn't match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: 2999 (2.9K) [text/html]
Saving to: “nagiosql.login”

100%[============================================================>] 2,999       --.-K/s   in 0s      

2016-02-22 17:09:18 (70.9 MB/s) - “nagiosql.login” saved [2999/2999]

NAGIOSQL LOGIN FAILED!

Re: Configs not applying - waiting - and ssl error

Posted: Tue Feb 23, 2016 11:12 am
by krobertson71
Actually we can hold this thread. Turns out the admin that configured SSL on our XI hosts did not follow the directions.

I will post back if assistance is still needed. Please leave open just for now.

Re: Configs not applying - waiting - and ssl error

Posted: Tue Feb 23, 2016 11:59 am
by bwallace
Thanks for that update and we'll certainly leave this open - keep us posted.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited