Page 1 of 2
install signed ssl certs in nagios
Posted: Tue Jul 20, 2021 10:40 am
by rnjie
I have followed this article
https://assets.nagios.com/downloads/nag ... s%20XI.pdf for signed cert but i have a question about the certs, can wildcard certs be used?
Re: install signed ssl certs in nagios
Posted: Tue Jul 20, 2021 1:15 pm
by pbroste
Hello @rnjie
Found a previous post with these instructions;
You would need to modify the ssl.conf to point to your wildcard certificate file and certificate key file
something like this
CODE: SELECT ALL
SSLCertificateChainFile /etc/pki/tls/certs/essential.crt
SSLCertificateFile /etc/pki/tls/certs/xxxxxxxxxxxxxxx.crt
SSLCertificateKeyFile /etc/pki/tls/private/xxxxxxxxxxxxxxx.key
Thanks, and let me know how things go,
Perry
Re: install signed ssl certs in nagios
Posted: Wed Jul 28, 2021 10:05 am
by rnjie
i have a wildcard cert thats a .pfx file, will that work or i need a different format?
Re: install signed ssl certs in nagios
Posted: Wed Jul 28, 2021 2:16 pm
by rnjie
i am using this kb article as guide but it didnt work for me, http service refused to start after making all the changes
https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Re: install signed ssl certs in nagios
Posted: Wed Jul 28, 2021 2:23 pm
by gsmith
Hi,
Are you using self-signed certs? Wildcards are not allowed for self-signed certs:
https://superuser.com/questions/1374959 ... ertificate
Let me know if you have any more questions
Thanks
Re: install signed ssl certs in nagios
Posted: Fri Jul 30, 2021 10:28 am
by rnjie
what am i supposed to use? you mentioned before that wildcards were allowed, please provide a procedure for me to use
Re: install signed ssl certs in nagios
Posted: Fri Jul 30, 2021 11:48 am
by gsmith
Hi,
I think pbroste was a little confused. I will talk to him.
You can still use
https://assets.nagios.com/downloads/nag ... s%20XI.pdf,
but instead of a wildcard you need to put in the server's name as shown:
Image8.jpg
You will need to repeat the above procedure for each server that needs to be "trusted" by a client (browser).
Don't forget the first time you go to each of these servers you will need to create an exception in your browser
for that specific site (due to the fact that the cert is self-signed). This is shown in the above referenced document.
Thanks
Re: install signed ssl certs in nagios
Posted: Thu Aug 05, 2021 10:08 am
by rnjie
okay am trying to replace the self signed cert with internal wildcards cert, will it b thesame procedure?
Re: install signed ssl certs in nagios
Posted: Thu Aug 05, 2021 10:19 am
by gsmith
Hi
Yes the process is the same. But if you want to use a wild-card cert it has to be
traceable to Trusted CA.
Are there other webservers already using the internal wildcard cert ? If there
are then you should be OK.
Thanks
Re: install signed ssl certs in nagios
Posted: Thu Aug 05, 2021 2:50 pm
by rnjie
i was able to replace the crt with wildcards from my company and the webserver started with no issues, now how do i verify its using the wildcard certs? is there a way to verify if its actively using it? hope i don't sound dumb