Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SSL Certificate with NCPA

https://support.nagios.com/forum/viewtopic.php?t=63845

Page 1 of 1

SSL Certificate with NCPA

Posted: Wed Oct 27, 2021 8:21 am
by elade
Hi,

I started using the NCPA as a replacement for NRPE and NSClient.
I'm trying to understand the SSL option in NCPA.
I want to create for each VM a self signed certificate and configure it with NCPA.
From what I read I can configure the .key and .crt in ncpa.cfg.
The only problem I have is how XI can get notifications with all those difference certificate if I don't configure in the XI server anything?
What I'm missing here?
I will appreciate an explanation.

Re: SSL Certificate with NCPA

Posted: Wed Oct 27, 2021 4:33 pm
by pbroste
Hello @elade

Thanks for reaching out, you only need one pair a public and a private key. The Nagios server holds the private key and all the servers to get monitored get the public keys. Meaning the servers to be monitored would all get the same key.

https://www.nagios.org/ncpa/help/2.1/configuration.html

Thanks,
Perry

Re: SSL Certificate with NCPA

Posted: Thu Oct 28, 2021 4:17 pm
by elade
Hi,
Where I configure the private key in Xi server?
The crt and private key I configure in NCPA?

Re: SSL Certificate with NCPA

Posted: Fri Oct 29, 2021 11:16 am
by pbroste
Hello @elade

Thanks for following up, the 'crt/key' are configured in the ncpa.cfg.
certificate ad-hoc { If left adhoc, a new self-signed certificate will be generated and used for the server.} Allows you to specify the file name for the SSL certificate you wish to use with the internal HTTPS server. If using adhoc - a new self-signed certificate will be generated on startup if one does not already exist. The default cert is located in the main install directory at /usr/local/ncpa/var/ncpa.crt on install. For custom certificates, you must give the location to the .crt and the .key file as a comma-separated value.
Options: adhoc or <path to .crt>,<path to .key>
Specify the crt/key on the ncpa server-side and ncpa client-side.

Thanks,
Perry

Re: SSL Certificate with NCPA

Posted: Tue Nov 02, 2021 5:10 am
by elade
Hi pbroste,

What about the XI? where I configure the private key?

Re: SSL Certificate with NCPA

Posted: Tue Nov 02, 2021 2:19 pm
by pbroste
Hello @elade

The Nagios server application does not interact with the NCPA agent, however, the Nagios server will execute the 'check_ncpa.py' client for the host and service checks. The key pair on the Nagios XI server-side would be for example; "/usr/local/ncpa/var/ncpa.key"

Thanks,
Perry
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited