Nagios Support Forum

Hey All,

I upgrade to the latest 5.8 version which went fine and everything was happy following a reboot. A few days later I went ahead and decided to finally setup an SSL and followed the Nagios PDF on pulling down OpenSSL and creating the csr and all that. Following that I also ran a yum update on the OS as well just to keep everything in check.

Following all that I now cant get to the interface page as it refuses to load so I clearly broke something there. If I run nmap on the server i get 80 and 443 closed but not sure why that happened. Should I just open those ports again in the firewall? or am I missing something larger here?

Thanks

went in and ran the firewall cmds to run http and https services and still no change. still showing ports closed on nmap so I think loading the OpenSSL in there to generate a csr may be the culprit?

while waiting to receive my crt it seems i may be in limbo with Nagios? Is there soemthing that is refusing all http/s requests till i load the cert maybe? Is there something I can do to disable it until i get the cert file?

I received the crt file and was able to complete the install instructions for setting the SSL. Site is up and running again at this time although I get a 'Not Secure' for some reason which I am unsure about. ??? one part of the SSL setup spoke to e key file which I do not have and I am not sure if that may be the reason.

The probably reason you were getting a web page not available error is because Apache failed to start. It failed to start because you kinda jumped the gun in configuring it; you need the SSL cert and key file BEFORE you start configuring Apache, or else configuring it for SSL will just break Apache configuration an make the site unreachable. You can check if Apache is running by running (as root) "service httpd status" -- BUT, you installed the cert and it appears Apache liked the configuration so that debug step is no longer necessary.

The SSL cert from your CA should have come with a .crt file and a .key file.

Upload both to the server. Put the key file in /usr/local/nagiosxi/var/certs/nagiosxi.key, and the cert file in /usr/local/nagiosxi/var/certs/nagiosxi.crt, then update the apache configuration (in CentOS by default, it's /etc/httpd/conf.d/ssl.conf), you'll want to add the line:
Then restart apache using:

Yeah, no key file included but found the issue to be the web reboot and a tweak to settings with the FQDN fixed the issue. Still no key file in there but it is working securely and not throwing any SSL error.

Okay, if there's no other problem with your XI server, I'll close this topic.