Hello,
Can’t use the top menu to export configuration, first it was permission issue on files I fixed them using :
chown apache:centreon-engine /etc/centreon-engine/*
chown apache:centreon-broker /etc/centreon-broker/*
But still, unable to use this menu.
I made a video showing this : https://vimeo.com/manage/videos/781758953
Problem on a 21.04 upgraded to 22.10 and on a fresh install from OVA (vmware) 22.10
Best answer by tntteam
View original
+1
Hello,
I have the same problem.
I fixed the permissions as you did.
The message is “There was an consistency error in the exported files - please use the legacy export menu to troubleshoot”.
When I use the legacy export, it works well.
+13
👋
🕵️♂️🚧
Hello,
Yes and yes !
I didnt think about this one as I am using my centreon behind a reverse proxy that do provide a valid cert
(me)--https-->(nginx with valid cert)--https-->(centreon without valid cert)
The problem is I failed to find an error log file saying what gone wrong :(
+1
Sorry, but I don’t understand your answer.
I have a valid cert, not errors in my log file.
Hello,
I have a web frontend (nginx) that use a valid certificate for https, and then reverse proxy the web traffic to the centreon server which is also https but with self signed (invalid) cert.
The problem is not fixed for me, I don’t know what to do to fix this. I don’t understand how it could be a certificate issue.
If I knew where to look for infos (which log file ?) I could try to find a solution.
+13
the export happens in the back end, so if it is a self signed cert you need the CA cert also included with your other CA’s in your Central. If you don’t have the CA of the self signed then Central can’t confirm is a valid connection and drops the request.
+5
the export happens in the back end, so if it is a self signed cert you need the CA cert also included with your other CA’s in your Central. If you don’t have the CA of the self signed then Central can’t confirm is a valid connection and drops the request.
Where do we place the CA certificate? We’re running on RHEL 8.6, I have tried some usual places but nothing works, perhaps I need it on specific servers.
Also, what we don’t understand is why there is a difference between performing it individually (legacy) and using the new all-in-one export? Surely if one way works the other should work the same.
Same problem, cant use the quick export configuration button, and sometime to apply the changes I have to restart from temrinal all services…
I also have a SSL certificate but it seems to be fine.
openssl s_client -connect ip_central:443And gives me a connected. And in the web I see it correctly.
+13
sudo cp selfsigned.ca.cert.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trustFrom the legacy, the call is happening from the browser. Where in theory you have already accepted the self signed cert to it goes through. On the “All-in-1” the call happens from the server so it needs to communicate in the backend and the CA of the self signed cert needs to be added.
Also, can test your https with:
scl enable httpd24 -- /opt/rh/httpd24/root/usr/sbin/apachectl configtestsudo cp selfsigned.ca.cert.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
In debian 11 also do we have to put the cert on a specific directory? appart from:
/etc/ssl/certs
/etc/ssl/privateIn which one?
+5
Also, can test your https with:
scl enable httpd24 -- /opt/rh/httpd24/root/usr/sbin/apachectl configtestThanks for the explanation, but the scl command doesn’t work for our RHEL 8.6 installations as copying the CA cert and the update made no difference.
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.