Hello @S.lhotellier
We have this example for the configuration; can you try with that instead of your configuration?
...
...
<VirtualHost *:443>
#####################
# SSL configuration #
#####################
SSLEngine On
SSLProtocol All -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ADH:!IDEA
SSLHonorCipherOrder On
SSLCompression Off
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
...
...
as you have things like:
SSLProtocol all -TLSv1.2
SSLProtocol all +TLSv1.2 +TLSv1.3
in the one configuration.
Hello,
Same issue here.
SSL certificate problem: unable to get local issuer certificate for "https://123.456.789.000/centreon/api/latest/configuration/hosts".
I had an expired certificate. I replaced it with the currently valid one. That wasn’t enough, same error message. I simply added a DNS entry covered by the certificate in the /etc/hosts file with the IP mentioned in the error message, and it worked.
I can add new hosts now.
Hi,
I have the same issue. Freshly installed 24.10.13.
Cert is fine, is trusted…
Can you do a curl to your FQDN from your CLI on the Central? Do you get any errors?
Yes, curl is OK
* SSL certificate verify ok.
@ahartung self-signed or known CA?
Website HTTPS is OK, certificate is OK
LDAP Search is working
Now it is working 😎
I created a new chain
cat /etc/pki/tls/certs/root.crt /etc/pki/tls/certs/intermediate.crt > /etc/pki/tls/certs/sectigo_chain.crt
sudo update-ca-trust
sudo update-ca-trust extract
and restart httpd
What error do you see and where?
Sectigo chain in the Red Hat system was OK
curl -v https://cpint-cestst01.rbdom.rbroot.net --cacert /etc/pki/tls/certs/root_sectigo.crt
* Trying 10.236.23.87:443...
* Connected to cpint-cestst01.rbdom.rbroot.net (10.236.23.87) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/pki/tls/certs/root_sectigo.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
The certificate was not from root-ca
Root CA: Sectigo Public Server Authentication Root R46
↓
Intermediate: Sectigo Public Server Authentication CA OV R36
↓
Server certificate: cpint-cestst01.rbdom.rbroot.net
I created a new chain
cat /etc/pki/tls/certs/root.crt /etc/pki/tls/certs/intermediate.crt > /etc/pki/tls/certs/sectigo_chain.crt
sudo update-ca-trust
sudo update-ca-trust extract
In Centreon version 24.10.5 I think it was working... OK, now it is fine :)
and restart httpd
That's fine and working :)
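
Added example, not part of any post in this thread: an offline reproduction of the "unable to get local issuer certificate" failure seen in the curl trace, showing that a root-only CA file fails when the server sends only its leaf, and that either the server sending the intermediate or a root + intermediate CA file fixes it. The PKI is constructed on the spot; all subject names, file names and the helper functions are made up, and the script assumes the openssl CLI with its default openssl.cnf is installed.

```shell
#!/bin/sh
# Constructed root -> intermediate -> leaf PKI; every name below is made up.
# Assumes the openssl CLI and its default openssl.cnf are installed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

mkcsr() {  # $1 = file basename, $2 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" -subj "/CN=$2" >/dev/null 2>&1
}

sign() {  # $1 = cert to issue, $2 = issuing CA, $3 = extension section
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 2 -extfile "$WORK/ext.cnf" -extensions "$3" \
        -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Build the three certificates, then the root + intermediate CA file
# (the same concatenation step as in the thread).
build_pki() {
    printf '%s\n' '[ca]' 'basicConstraints = critical,CA:TRUE' '[leaf]' \
        'basicConstraints = CA:FALSE' \
        'subjectAltName = DNS:central.example.test' > "$WORK/ext.cnf"
    mkcsr root "Example Root" && mkcsr int "Example Intermediate" &&
    mkcsr leaf "central.example.test" &&
    openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 2 \
        -extfile "$WORK/ext.cnf" -extensions ca -out "$WORK/root.crt" \
        >/dev/null 2>&1 &&
    sign int root ca && sign leaf int leaf &&
    cat "$WORK/root.crt" "$WORK/int.crt" > "$WORK/chain.crt"
}

# Verify the leaf. $1 = trusted CA file; $2 = optional untrusted certs,
# standing in for the intermediates a server sends in its handshake.
check() {
    openssl verify -CAfile "$1" ${2:+-untrusted "$2"} "$WORK/leaf.crt" 2>&1
}

report() {  # $1 = label, remaining arguments are passed to check
    label=$1; shift
    if out=$(check "$@"); then echo "OK    $label"
    else echo "FAIL  $label"; echo "$out" | sed 's/^/      /'; fi
}

build_pki || { echo "could not build test PKI with openssl" >&2; exit 1; }
report "root in CA file, server sends leaf only" "$WORK/root.crt"
report "root in CA file, server sends leaf + intermediate" "$WORK/root.crt" "$WORK/int.crt"
report "root + intermediate in CA file, server sends leaf only" "$WORK/chain.crt"
```

The second case corresponds to the server presenting the intermediate itself, which with Apache 2.4.8 and later means placing it after the leaf in the file named by SSLCertificateFile.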