LDAP Certificate Installation
Posted: Tue Sep 17, 2019 3:35 pm
by hoegh
Hi Team,
I have a .der certificate file which is needed to bind the LDAP server with Nagios.
Please guide me through the installation process.
Thanks
VipiN
Re: LDAP Certificate Installation
Posted: Wed Sep 18, 2019 9:29 am
by mbellerue
Hi hoegh,
Have you read through this document yet? We can definitely help if you're stuck at a specific point.
https://assets.nagios.com/downloads/nag ... ponent.pdf
Re: LDAP Certificate Installation
Posted: Thu Sep 19, 2019 3:32 am
by hoegh
Hi @mbellerue,
I've followed the steps given in the doc, but it's still not able to verify the certificate.
Still getting the same error.
ldap_bind: Can't contact LDAP server (-1)
additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
Could not bind to the LDAP server
I followed the steps given on page number 8 in the document below:
https://assets.nagios.com/downloads/nag ... ponent.pdf
Also, what is the location where I can find the certificate file after uploading it in Nagios?
I'm using
CentOS release 6.8 (Final)
Nagios 5.6.1
Thanks
Vipin
Hoegh
Re: LDAP Certificate Installation
Posted: Thu Sep 19, 2019 11:02 am
by mbellerue
Can you verify that the certificate you're adding is a CA certificate, and not just a server certificate?
Also, are there any proxy servers between the Nagios server and the LDAP server, or CA server (if it's a separate server)?
When uploading the certificate to Nagios XI, it gets placed in /etc/openldap/certs/
Re: LDAP Certificate Installation
Posted: Fri Sep 20, 2019 5:34 am
by hoegh
Ok. Let me confirm the details from LDAP team.
Re: LDAP Certificate Installation
Posted: Fri Sep 20, 2019 9:35 am
by mbellerue
Okay, we'll be here when you hear back from them.
Re: LDAP Certificate Installation
Posted: Fri Sep 27, 2019 3:10 am
by hoegh
Hi @mbellerue,
Actually it was an eDirectory issue, which requires certificate installation.
For now I've followed the link below and the issue got resolved.
https://sites.google.com/a/geekmungus.c ... ldapserver
But I want to install the certificate on client demand.
So below is my ldap.conf file:
[root@OSLMSnagios openldap]# cat ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /cacerts
TLS_CACERT /etc/openldap/certs/ldapsCert.cer
TLS_REQCERT allow
In the ldap.conf file,
TLS_CACERT /etc/openldap/certs/ldapsCert.cer, where
ldapCert.cer is the certificate file being used for another server.
So how can I add the file location of the second certificate to ldap.conf?
Thanks
VipiN
HOegh
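ldap.conf(5) defines TLS_CACERT as one file holding the certificates of every CA the client trusts, so a second CA is trusted by appending its PEM certificate to that file, not by listing a second path. The helpers below are an added example, not part of the original thread or of Nagios XI: they merge PEM CA certificates into one bundle (refusing DER input) and flag TLS_REQCERT values such as the `allow` shown above, which let a session continue with a certificate that fails verification. The file names ca-bundle.pem and second-ca.pem are assumptions.

```shell
#!/bin/sh
# Added example; function names and the bundle/second-CA file names are hypothetical.

# is_pem FILE: succeeds if FILE contains at least one PEM certificate block.
is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# count_certs FILE: number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# build_ca_bundle OUT IN...: concatenate PEM CA certificates into OUT.
# Fails without creating OUT if any input is missing or not PEM. Convert DER first:
#   openssl x509 -inform der -in ca.der -out ca.pem
build_ca_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        if ! is_pem "$f"; then
            echo "refusing $f: not a PEM certificate (DER or missing?)" >&2
            rm -f "$tmp"
            return 2
        fi
        cat "$f" >> "$tmp"
        echo >> "$tmp"          # keep blocks separated if a file lacks a final newline
    done
    mv "$tmp" "$out"            # replace the bundle only after every input passed
}

# weak_reqcert CONF: print each active TLS_REQCERT value that does not reject
# a bad server certificate ("never" and "allow"). Commented lines are ignored.
weak_reqcert() {
    awk 'toupper($1) == "TLS_REQCERT" {
             v = tolower($2)
             if (v == "never" || v == "allow") print v
         }' "$1"
}

# Usage, with the path from the post and two assumed file names:
#   build_ca_bundle /etc/openldap/certs/ca-bundle.pem \
#       /etc/openldap/certs/ldapsCert.cer /etc/openldap/certs/second-ca.pem
#   then in ldap.conf:  TLS_CACERT /etc/openldap/certs/ca-bundle.pem
#                       TLS_REQCERT demand
```

An empty result from `weak_reqcert /etc/openldap/ldap.conf` means no active line sets `never` or `allow`; `demand` is the default when the directive is absent.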
Re: LDAP Certificate Installation
Posted: Fri Sep 27, 2019 11:16 am
by mbellerue
I am a little confused on what you are trying to do here. Are you trying to add multiple LDAP servers, each of which has its own TLS certificate?
Re: LDAP Certificate Installation
Posted: Fri Oct 04, 2019 6:03 am
by hoegh
Let me confirm this with team. I'll be back soon.
Re: LDAP Certificate Installation
Posted: Fri Oct 04, 2019 1:19 pm
by mbellerue
Alright, we will keep this thread open and wait to hear back.