AD/LDAP Integration - User Import Error

Posted: Thu Dec 02, 2021 1:24 pm
by wneville
Hello,

We are in the process of preparing to move our production Nagios server (VM, RHEL7) to a larger, physical server (RHEL8). LDAP/AD - we added the Authentication Server and Certificate through the Admin page of the GUI, but when we go to Import Users we get the following error:

    Unable to authenticate: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)

I tried this command:

    openssl s_client -showcerts -connect x.x.x.x:636 </dev/null

but it returned an error.

I have seen a few other posts about this but haven't found any solutions that have worked for us. Any idea what may be happening here?

Re: AD/LDAP Integration - User Import Error

Posted: Fri Dec 03, 2021 11:01 am
by ssax
Take the CA certs and put them in individual files in this directory:
- NOTE: They must have a .crt extension on the files

    /etc/pki/ca-trust/source/anchors/

Then run these commands:

    update-ca-trust extract
    systemctl restart httpd php-fpm

Then test it again.

If that still doesn't work, take your CA certs and put them into this file (just one on top of the other in the file if you have multiple CA signer certs):

    /etc/openldap/certs/ca.pem

Then add this to your /etc/openldap/ldap.conf:

    TLS_CACERT /etc/openldap/certs/ca.pem

Then restart apache and try again:

    systemctl restart httpd php-fpm

That should do it.

If that still doesn't resolve it (it should), please PM me the full output of this command:
- Change your.ad.server before running

    openssl s_client -showcerts -connect your.ad_or_ldap.server:636
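The "unable to get local issuer certificate" failure from the first post and the CA-trust fix from the reply, reproduced offline as an added example that is not part of this thread: a throwaway lab CA and an LDAP server certificate are generated in a temp directory, then openssl verify is run once against the system trust store (which reproduces the error) and once with the lab CA supplied. The CA name, the host name ldap.example.test and all paths are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the thread): reproduce the "unable to get local issuer
# certificate" failure offline and show that trusting the issuing CA clears it.
# Everything here is constructed in a temp dir; no real AD server is contacted.
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Build a throwaway lab CA and a server cert signed by it (constructed names).
make_test_pki() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Lab CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    >/dev/null 2>&1 || return 1
  openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.test" -keyout "$WORK/server.key" \
    -out "$WORK/server.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -days 1 -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/server.crt" >/dev/null 2>&1
}

# verify_chain <server cert> [ca file]
# With no CA file, openssl uses the system trust store, which is what
# update-ca-trust extract populates from /etc/pki/ca-trust/source/anchors/.
# Echoes OK, NO_LOCAL_ISSUER (the error from the first post) or FAIL.
verify_chain() {
  if [ -n "${2:-}" ]; then
    out="$(openssl verify -CAfile "$2" "$1" 2>&1)"
  else
    out="$(openssl verify "$1" 2>&1)"
  fi
  case "$out" in
    *": OK"*) echo OK ;;
    *"unable to get local issuer certificate"*) echo NO_LOCAL_ISSUER ;;
    *) echo FAIL ;;
  esac
}

make_test_pki || { echo "could not build lab PKI" >&2; exit 1; }
echo "system store only: $(verify_chain "$WORK/server.crt")"                 # NO_LOCAL_ISSUER
echo "with lab CA:       $(verify_chain "$WORK/server.crt" "$WORK/ca.crt")"  # OK
```

Against a real server the same two states are visible with openssl s_client: the thread's command fails with verify error 20 until the CA is either in the system store or passed with -CAfile.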