
SSL Cert Issue

Posted: Mon Jan 18, 2021 8:46 am
by astroplay
I've created and followed the steps listed in https://assets.nagios.com/downloads/nag ... s%20XI.pdf but I'm still seeing the WE Cert 2 certificate on the site when browsing to it even though the instructions have been followed thoroughly and I can see that the cert file does indeed contain the cert details generated from the Internal Intermediate CA.
openssl s_client -connect localhost:443 -CApath /etc/ssl is also showing details of the CA/Cert but it's indicating that it can't get the certificate of the issuer.
Do I need to import the certificates of both the Intermediate and/or Root CAs to resolve the issue or am I doing something wrong?

Re: SSL Cert Issue

Posted: Mon Jan 18, 2021 5:41 pm
by dchurch
When using an intermediate CA, the intermediate CA's certificate should probably be specified when the server presents the certificate. Here's how you set that up:

Near where it says SSLCertificateFile in your Apache configs (/etc/httpd/conf.d/ssl.conf by default in CentOS), you'll want to add the line:

Code:

SSLCertificateChainFile /usr/local/nagiosxi/var/certs/cert-chain.crt

In that file you'll want to put the PEM-encoded text of the intermediate CA certificates, one after the other, like this:

Code:

-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIBADANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJVUzES
...
aDloMsDhUd10bLDB1w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDyTCCArGgAwIBAgIBADANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJVUzES
...
aDloMsDhUd10bLDB1w==
-----END CERTIFICATE-----

Then restart Apache.
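
An added example, not part of the posts above and not Nagios XI tooling: shell helpers that check a chain file such as cert-chain.crt before Apache is restarted, and count what the server sends afterwards. The function names are hypothetical, and the root CA, server certificate and chain file paths are supplied by the caller.

```shell
# Added example. Function names are hypothetical; all file paths are
# supplied by the caller. Requires the openssl command-line tool.

# Print how many PEM certificates a file contains (one per intermediate CA).
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed only if a path from the server certificate to the root CA can be built.
# Usage: verify_leaf ROOT_PEM LEAF_PEM [CHAIN_PEM]
# Without CHAIN_PEM this reproduces what a client sees when the server does
# not send its intermediates: the issuer certificate cannot be found.
verify_leaf() {
    vl_root=$1; vl_leaf=$2; vl_chain=${3:-}
    if [ -n "$vl_chain" ]; then
        openssl verify -CAfile "$vl_root" -untrusted "$vl_chain" "$vl_leaf" >/dev/null 2>&1
    else
        openssl verify -CAfile "$vl_root" "$vl_leaf" >/dev/null 2>&1
    fi
}

# Succeed if the first certificate in the chain file is the issuer named in
# the server certificate (catches a chain file holding the wrong CA).
issuer_matches_chain() {
    imc_iss=$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//')
    imc_sub=$(openssl x509 -noout -subject -in "$2" | sed 's/^subject= *//')
    [ -n "$imc_iss" ] && [ "$imc_iss" = "$imc_sub" ]
}

# Print how many certificates a running server presents in its handshake.
# 1 means only the server certificate is sent, with no intermediates.
# Usage: served_cert_count HOST PORT
served_cert_count() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | grep -c -- '-----BEGIN CERTIFICATE-----' || true
}
```

After the restart, served_cert_count localhost 443 should print one more than the number of certificates in the chain file.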