Page 1 of 2
NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Thu Nov 21, 2024 9:40 am
by wneville
Hello,
I noticed recently that servers sending ncpa 3.x passive results are also logging the following message:
Code: Select all
[timestamp] [hostname] ncpa: urllib3/connectionpool.py:1103: InsecureRequestWarning: Unverified HTTPS request is being made to host '[nagios server hostname]'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
I also see that there is an issue opened regarding this:
https://github.com/NagiosEnterprises/ncpa/issues/1172
I have verified that the certificate is in the trusted CA store. Is there a resolution for this? I'm also wondering, does NCPA use the system CA certs by default?
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Mon Nov 25, 2024 4:54 pm
by sgardil
wneville wrote: ↑Thu Nov 21, 2024 9:40 am
Hello,
I noticed recently that servers sending ncpa 3.x passive results are also logging the following message:
Code: Select all
[timestamp] [hostname] ncpa: urllib3/connectionpool.py:1103: InsecureRequestWarning: Unverified HTTPS request is being made to host '[nagios server hostname]'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
I also see that there is an issue opened regarding this:
https://github.com/NagiosEnterprises/ncpa/issues/1172
I have verified that the certificate is in the trusted CA store. Is there a resolution for this? I'm also wondering, does NCPA use the system CA certs by default?
Hey
@wneville
I don't believe this has been addressed yet or a fix has been made yet. The resolution sounds like to enable certificate verification, however I'm not sure how in-depth of a process it is. The best place for an update would be on the github that you linked for the issue or the NCPA changelog
https://github.com/NagiosEnterprises/nc ... HANGES.rst
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Mon Dec 02, 2024 8:51 am
by wneville
I might be dreaming but I believe in the 2.x version of the agent there were directives under the [passive] section of ncpa.cfg for 'ssl_verify' which you could set to 1 to enable and 'certificate' which you could provide a path to your cert. I wonder if there is a different way of accomplishing this in the 3.1/3.x versions of the agent?
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Tue Dec 03, 2024 2:19 pm
by bbahn
Hello @wneville,
In NCPA 3, under the [listener] section, you can set the certificate= option to /path/to/your/certificate, /path/to/your/key to configure the certificate to be used by your NCPA.
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Mon Jan 13, 2025 2:03 am
by patrickhayes
Configure the client to trust this certificate. This often involves updating the CA bundle on the client machine.
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Sat May 31, 2025 3:27 am
by rosalia
I also encountered the same warning with NCPA 3.x. As a temporary workaround, you can add verify=False to requests (if the environment allows security risks) or specify a specific CA cert path via the verify=/path/to/ca-bundle.crt parameter.
grade calculator This is a known issue but not fixed in the official release.
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Thu Jul 17, 2025 1:41 am
by kanecharles04
Apart from configuring the certificate in ncpa.cfg, is there a way to temporarily disable this warning (recommended for test environments only) without affecting NCPA's HTTPS connection? For example, adding an environment variable or flag when starting the agent?
time calculator
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Tue Jul 29, 2025 9:59 pm
by huel02
I also got a warning when using NCPA with a valid certificate. After checking, I found that NCPA may not be using the system CA certs. I added the certificate path to the NCPA configuration, which eliminated the warning. See the GitHub discussion for more!
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Tue Aug 05, 2025 11:41 pm
by willie34
This happens because NCPA currently does not use system CA certificates by default when sending
Among Us Free passive check results—even if the server certificate is trusted system‑wide.
Re: NCPA 'InsecureRequestWarning: Unverified HTTPS request' issue
Posted: Wed Aug 27, 2025 1:39 am
by Diyhana9
wneville wrote: ↑Mon Dec 02, 2024 8:51 am
I might be dreaming but I believe in the 2.x version of the agent there were directives under the [passive] section of ncpa.cfg for 'ssl_verify' which you could set to 1 to enable and 'certificate' which you could provide a path to your cert. I wonder if there is a different way of accomplishing this in the 3.1/3.x versions of the agent?
It looks like you remember correctly — in NCPA 2.x
Pips NYT you could explicitly set ssl_verify and certificate under [passive]. But in NCPA 3.x, the configuration structure has changed. The same effect is usually managed differently now, often under listener SSL settings instead of the old passive directives.