I'm building a new Nagios Server and I'm having problems with the AD integration on a RHEL8. I have copied the LDAP Integration details from our old Nagios server where it works OK (although it is a CentOS 6). The certificate for HTTPS works OK.
When I try to import users I get the following error despite having added the root CA and intermediate certificates using the GUI. In fact, on the old Server I only have the Root and one of the Intermediate CAs but on this server I tried to include all 5 of our Intermediate CAs just in case but that didn't solve it either.
By the way, we are using certificates from our Windows Root CA, these are not commercial certificates.
Code:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)
Code:
openssl s_client -showcerts -connect ldap.server:636
Code:
[root@usclwnagios01 sgomez]# ldapsearch -x -b "DC=domain" -H ldaps://ldap.server -d 1
ldap_url_parse_ext(ldaps://ldap.server)
ldap_create
ldap_url_parse_ext(ldaps://ldap.server:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.server:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.100.68.17:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS certificate verification: depth: 1, err: 20, subject: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
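The trace above ends with OpenSSL error 20 ("unable to get local issuer certificate") at depth 1, i.e. the client could not find the issuer of the certificate one step above the server certificate in whatever trust bundle the LDAP client actually reads; the first message in the post, "self signed certificate in certificate chain" (error 19), is the variant seen when the server sends its root along with the chain and that root is not in the client's trust store. The script below is an added example, not from the original post or from Nagios: it builds a throw-away private chain (a constructed "Example Root CA", an "Example Issuing CA" intermediate, and a server certificate for the constructed host name ldap.server) and then verifies the server certificate against different trust bundles with `openssl verify`, which reports the same error strings and depths as the ldapsearch trace. The `-untrusted` argument stands in for the intermediate certificate the LDAP server sends during the handshake.

```shell
#!/bin/sh
# Added example (not part of the original post or of Nagios): reproduce OpenSSL's
# "unable to get local issuer certificate" with a constructed private CA chain and
# show which trust-bundle contents make the server certificate verify.
# Every CA name, the host name ldap.server and all files here are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Self-contained openssl config so the demo does not depend on the system openssl.cnf.
write_cnf() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:ldap.server
EOF
}

# Key + CSR with the given CN (EC keys keep the demo fast): $1 = base name, $2 = CN.
new_csr() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$2" \
    -config "$WORK/ca.cnf" 2>/dev/null
}

# Self-signed root CA: $1 = base name, $2 = CN.
new_root() {
  openssl req -x509 -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" -days 2 \
    -config "$WORK/ca.cnf" -extensions v3_ca 2>/dev/null
}

# Sign a CSR with a CA: $1 = csr base, $2 = ca base, $3 = extension section.
sign() {
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -out "$WORK/$1.crt" -days 2 \
    -extfile "$WORK/ca.cnf" -extensions "$3" 2>/dev/null
}

# Build: root -> intermediate -> ldap.server, plus an unrelated root for comparison.
make_chain() {
  write_cnf
  new_root root "Example Root CA"
  new_root other-root "Unrelated Root CA"
  new_csr inter "Example Issuing CA"
  sign inter root v3_ca
  new_csr ldap "ldap.server"
  sign ldap inter v3_server
  cat "$WORK/root.crt" "$WORK/inter.crt" > "$WORK/bundle.crt"   # root + intermediate
}

# Verify the server cert like a client would: $1 = trusted bundle (what the client's
# CA file / system trust store holds), $2 = optional intermediate "sent by the server".
# Prints "OK" or OpenSSL's "error N at D depth lookup: ..." line.
verify_chain() {
  if [ -n "${2:-}" ]; then
    out=$(openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$WORK/ldap.crt" 2>&1 || true)
  else
    out=$(openssl verify -no-CApath -CAfile "$1" "$WORK/ldap.crt" 2>&1 || true)
  fi
  case "$out" in
    *": OK"*) echo OK ;;
    *) printf '%s\n' "$out" | grep -o 'error [0-9]* at [0-9]* depth lookup:.*' | head -n 1 ;;
  esac
}

# Run with "demo" as the first argument to print all four scenarios.
if [ "${1:-}" = "demo" ]; then
  make_chain
  echo "root trusted, server sends leaf only:       $(verify_chain "$WORK/root.crt")"
  echo "root trusted, server sends intermediate:    $(verify_chain "$WORK/root.crt" "$WORK/inter.crt")"
  echo "wrong root trusted, server sends interm.:   $(verify_chain "$WORK/other-root.crt" "$WORK/inter.crt")"
  echo "root + intermediate trusted, leaf only:     $(verify_chain "$WORK/bundle.crt")"
fi
```

The third scenario is the one in the trace above: the intermediate is present (depth 1) but its issuer cannot be found in the bundle the client reads, so the problem is the bundle the LDAP client is using, not the certificates the server sends. When checking a real host, `openssl s_client -showcerts -connect ldap.server:636 </dev/null` (the command already quoted in the post) shows which certificates the server actually sends, so the redacted depth 1 subject can be matched against the CA certificates that were imported; and since ldapsearch reads its CA settings from /etc/openldap/ldap.conf (TLS_CACERT / TLS_CACERTDIR) rather than from the Nagios GUI, the CA certificates also need to be in the store that file points to, for example by copying them to /etc/pki/ca-trust/source/anchors/ and running update-ca-trust on RHEL 8 (these are the standard RHEL paths, not something taken from the post).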