NCPA SSL Certificate
Posted: Wed Jan 31, 2018 8:50 pm
Hello everyone,
I inherited a NagiosXI system from a previous admin and overall the system is in excellent shape. I am exploring the possibility of migrating to the NCPA agent for our Windows Servers. We are currently using NSClient++ agents. The main reason for the possible change is to take advantage of stronger SSL ciphers. One item I have not figured out is how to use a signed SSL certificate instead of the self signed cert for the Web GUI. I had orginally planned to used a wildcard certificate for the NCPA agent. When I point to the .crt file in the ncpa.cfg file and restart the ncpa listener service I'm unable to access the Web GUI at https://localhost:5693. I am also unable to connect to the Web GUI. Are wildcard certificates supported and if so what is the correct way to enter the file path in the config file? I have tired the absolute path and relative path. As part of my troubleshooting I attempted to explicitly point to the self sign certs under C:\Program Files (x86)\Nagios\NCPA\var and encountered the same issue. I have attached the relevant portion of the ncpa.cfg. Any help would be appreciated. Thank you.
#
# SSL connection and certificate config (if an SSL option is not available on some older
# operating systems it will default back to TLSv1)
# ssl_version options: TLSv1, TLSv1_1, TLSv1_2
#
ssl_version = TLSv1_2
----------- The methods I tried ---- This line is not in the config file
certificate = etc/SignedCert.crt
certificate = C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.crt
I inherited a NagiosXI system from a previous admin and overall the system is in excellent shape. I am exploring the possibility of migrating to the NCPA agent for our Windows Servers. We are currently using NSClient++ agents. The main reason for the possible change is to take advantage of stronger SSL ciphers. One item I have not figured out is how to use a signed SSL certificate instead of the self signed cert for the Web GUI. I had orginally planned to used a wildcard certificate for the NCPA agent. When I point to the .crt file in the ncpa.cfg file and restart the ncpa listener service I'm unable to access the Web GUI at https://localhost:5693. I am also unable to connect to the Web GUI. Are wildcard certificates supported and if so what is the correct way to enter the file path in the config file? I have tired the absolute path and relative path. As part of my troubleshooting I attempted to explicitly point to the self sign certs under C:\Program Files (x86)\Nagios\NCPA\var and encountered the same issue. I have attached the relevant portion of the ncpa.cfg. Any help would be appreciated. Thank you.
#
# SSL connection and certificate config (if an SSL option is not available on some older
# operating systems it will default back to TLSv1)
# ssl_version options: TLSv1, TLSv1_1, TLSv1_2
#
ssl_version = TLSv1_2
----------- The methods I tried ---- This line is not in the config file
certificate = etc/SignedCert.crt
certificate = C:\Program Files (x86)\Nagios\NCPA\etc\SignedCert.crt