[NCPA/NRDP] passive WARNING SSL verification failed, retrying without verification
Posted: Fri Jan 30, 2026 3:48 am
Hello There,
I'm deploying passive check strategy thanks to NRDP/NCPA feature.
As instructed in the doc , I set "parent = https://my_nagiosxi_server_fqdn_hostname/nrdp/" in [nrdp] section.
We have an internal PKI in our network and I already updated system-wide CA store with update-ca-trust with our private CA chain components.
Looking at /usr/local/ncpa/var/log/ncpa_passive.log, I notice numerous (each passive result uploads in fact
):
Although one can read "self signed certificate in certificate chain ", I must mention that our nagiosxi server certificate is not a selfsigned one; it has been signed with our internal PKI, as proven by verification on all browsers.
So how can I solve this situation which is obviously not an issue but...
nagiosxi: 2024R1.4.1
ncpa: 3.2.3 running on RHEL 10.1
Best regards
Franck
I'm deploying passive check strategy thanks to NRDP/NCPA feature.
As instructed in the doc , I set "parent = https://my_nagiosxi_server_fqdn_hostname/nrdp/" in [nrdp] section.
We have an internal PKI in our network and I already updated system-wide CA store with update-ca-trust with our private CA chain components.
Looking at /usr/local/ncpa/var/log/ncpa_passive.log, I notice numerous (each passive result uploads in fact
):
Code: Select all
2026-01-30 03:31:30,443 passive WARNING SSL verification failed, retrying without verification: HTTPSConnectionPool(host='my_nagiosxi_server_fqdn_hostname', port=443): Max retries exceeded with url: /nrdp/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1016)')))So how can I solve this situation which is obviously not an issue but...
nagiosxi: 2024R1.4.1
ncpa: 3.2.3 running on RHEL 10.1
Best regards
Franck