Nagios Support Forum

Hi,

I'm seeing this when accessing the console.
How can I fix the problem?

Websites prove their identity via certificates, which are valid for a set time period. The certificate for 10.254.208.41 expired on 1/16/2019.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

That message is just saying that your certification is self-signed. Typically, certifications are signed by another certificate authority. But, it is easier and a more self contained solution to just have it be self signed. Can you acknowledge the message and move on? If your server is behind a firewall, this may not be a high concern for your security team.

You could change the certificate authority, but I would probably have to know more about your system to advise on that... Do you know how HTTPS was configured on that server initially? What operating system is it running?

The fact that is expired seem to cause some problem to external script.

Then you may just need to renew it. Do you know what was used to configure it in the first place?

If you are running Apache, the relevant configuration files are probably at the following locations. Please post the relevant details from your server, redacting any information that could pose a security risk. Feel free to message ( PM ) me the specific address if it is public, and I would be happy to help test and investigate.

What script is it causing a problem with?

Thanks for your answer.

We are using apache, but no sign of you directory in /etc.
root@plgesmon02[/etc]# ls -ltr | grep -i apache
drwsrwsr-x 3 apache nagios 4096 Jan 16 2018 nagiosql
drwxrwxr-x 4 apache nagios 4096 Jan 16 2018 mrtg
drwxrwxr-x. 4 apache nagios 4096 Jan 16 2018 openldap

What is the name of the .conf file you want? I can search for it on the server.

The script used by the customer is a perl script used on a Linux to push passive status to Service in Nagios.

The SSL documentation we have specifies the following location for certificates. What do you see in that folder?

Sometimes the configuration file is named after the domain it is for. However, there is probably also a default configuration file in the same folder.

Nothing in that directory as you can see here:
root@plgesmon02[/usr/local/nagiosxi/var/certs]# ls -ltr
total 0
root@plgesmon02[/usr/local/nagiosxi/var/certs]#

And this is the result of the find:
root@plgesmon02[/usr/local/nagiosxi/var/certs]# find / -name *default.conf
/usr/share/alsa/pcm/default.conf
/usr/share/rear/conf/default.conf

Are you using Red Hat or CentOS? If so, the configuration file may be in the following location instead. You may want to just create another SSL certificate, and edit the configuration file accordingly. If you have openssl installed on that machine, you can do so by executing the following commands.

Navigate to the directory. Create the key. Then create the configuration file. Don't forget to grant it permissions. Some of these steps may be slightly different depending on how your system is configured. Please refer to the following linked documentation for more detailed instructions on how to properly create and edit these files.
SSL DOCUMENT

Hi,

Sorry for the delay to answer back. I was in vacation.

I'm using centOS.

So the idea would be to generate a new certificate and change the /etc/httpd/conf.d/ssl.conf to use it? I guess at this line?:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

I think that you will probably have to generate a new key, change the configuration file, and permissions. I think it might be easiest just to follow our PDF document on the subject.
SSL CONFIGURATION DOCUMENT
Some of the steps may be slightly different depending how your system is configured.