Hello,
We are in the process of preparing to move our production Nagios server (VM, RHEL7) to a larger, physical server (RHEL8). LDAP/AD - we added the Authentication Server and Certificate through the Admin page of the GUI, but when we go to Import Users we get the following error:
Unable to authenticate: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)
I tried this command:
openssl s_client -showcerts -connect x.x.x.x:636 </dev/null
but it returned an error.
I have seen a few other posts about this but haven't found any solutions that have worked for us. Any idea what may be happening here?
AD/LDAP Integration - User Import Error
Re: AD/LDAP Integration - User Import Error
Take the CA certs and put them in individual files in this directory:
- NOTE: They must have a .crt extension on the files
    /etc/pki/ca-trust/source/anchors/
Then run these commands:
    update-ca-trust extract
    systemctl restart httpd php-fpm
Then test it again.
If that still doesn't work, take your CA certs and put into this file (just one on top of the other in the file if you have multiple CA signer certs):
    /etc/openldap/certs/ca.pem
Then add this to your /etc/openldap/ldap.conf:
    TLS_CACERT /etc/openldap/certs/ca.pem
Then restart apache and try again:
    systemctl restart httpd php-fpm
That should do it.
If that still doesn't resolve it (it should), please PM me the full output of this command:
- Change your.ad.server before running
    openssl s_client -showcerts -connect your.ad_or_ldap.server:636
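An added example, not part of the original posts and not Nagios code: it reproduces the "unable to get local issuer certificate" verdict offline with a throwaway CA and server certificate, then shows the same certificate verifying once the CA file is supplied, which is what the anchors directory or TLS_CACERT provides. The certificate subjects, file names and function names are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. All subjects, keys and files below are constructed test data.

# Create a throwaway CA and a server certificate signed by it in directory $1.
make_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# Print openssl's verdict for certificate $1, optionally trusting CA bundle $2.
# The exit status is ignored on purpose: callers inspect the verdict text.
verify_with() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 || true
    else
        openssl verify "$1" 2>&1 || true
    fi
}

# Return 0 when the verdict for $1 (with optional bundle $2) contains text $3.
verdict_has() {
    verify_with "$1" "$2" | grep -q "$3"
}

demo() {
    d=$(mktemp -d) || return 1
    make_chain "$d" || { rm -rf "$d"; return 1; }
    echo "--- issuing CA not trusted (the state behind the import error):"
    verify_with "$d/server.crt"
    echo "--- issuing CA supplied as a CA file:"
    verify_with "$d/server.crt" "$d/ca.crt"
    rm -rf "$d"
}

demo
```

Against a real directory server, save the server certificate from the `openssl s_client -showcerts` output to a file and pass it to `verify_with` together with `/etc/openldap/certs/ca.pem`; a verdict other than OK means the bundle does not contain the issuing CA chain.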