Certificate problems with check_ldap

Marc-André Doll mad at b-care.net
Mon Oct 3 08:44:56 CEST 2011

Previous message: Average Check latency and execution time growth - 3.2.3
Next message: Certificate problems with check_ldap
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I had this problem once. You have to get your root CA and copy it to
your default CA certificates directory on your Nagios server (on RedHat
it is /etc/openldap/cacerts) or copy it where ever you want and add the
line "TLS_CACERT /path/to/my/root/CA.pem" to your openldap configuration
file.

It solved my problem.

Marc-André

On Fri, 2011-09-30 at 18:39 +0000, f.hugh at comcast.net wrote:
> I have been able to get check_ldap to work fine over the clear on port
> 389.  When I try to use ssl 636 it fails.  It can't verify the cert
> since it is our own CA and not a comercial CA that signed the cert.  
> 
> This is the error I get:
> <SNIP>
> ldap_bind: Can't contact LDAP server (-1)
>         additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Could not bind to the LDAP server
> </SNIP>
>  
> I am certain that it is the trust of the cert that is the problem.  I
> have googled this for half the day looking for the method to insert
> our Root CA as trusted, but have had no luck.  Anyone been able to
> accomplish this?  Think of it as a self signed cert installad on our
> AD domain controllers.
>  
> -paul
> 
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
> _______________________________________________ Nagios-users mailing list Nagios-users at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Average Check latency and execution time growth - 3.2.3
Next message: Certificate problems with check_ldap
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list