Skip to main content

Hello everyone, 
I have update my centreon of the version 23 to 24.
Since, i have this error 
"SSL certificate problem: unable to get local issuer certificate for" 
this error appears when I want to add a host

do you know this problem? How to fix it?

Hello,

I have the exact same issue, but only while updating centreon from version 24.04.07 to 24.10.01.

When I try to create a new host (and only when I perform that operation), I have the following message :

My certificate is signed by a CA of my own (almost like described in that link) and my virtualhost looked like that :

# Section added by Centreon Install Setup
#
Define base_uri "/centreon"
Define install_dir "/usr/share/centreon"

ServerTokens Prod

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    Header set X-Frame-Options: "sameorigin"
    Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;SameSite=Strict
    ServerSignature Off
    TraceEnable Off

    <IfModule mod_ssl.c>
       SSLEngine On
       SSLCertificateFile /etc/apache2/ssl/monitoring.xxx.local.crt
       SSLCertificateKeyFile /etc/apache2/ssl/xxx.local.key
       SSLCACertificateFile /etc/apache2/ssl/xxxCA.pem
    </IfModule>

    Alias ${base_uri}/api ${install_dir}
    Alias ${base_uri} ${install_dir}/www/

   <IfModule mod_brotli.c>
        AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript application/json
    </IfModule>

    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json

    <LocationMatch ^\${base_uri}/?(?!api/latest/|api/beta/|api/v[0-9]+/|api/v[0-9]+\.[0-9]+/)(.*\.php(/.*)?)$>
        ProxyPassMatch "fcgi://127.0.0.1:9042${install_dir}/www/$1"
    </LocationMatch>

    <LocationMatch ^\${base_uri}/?(authentication|api/(latest|beta|v[0-9]+|v[0-9]+\.[0-9]+))/.*$>
        ProxyPassMatch "fcgi://127.0.0.1:9042${install_dir}/api/index.php/$1"
    </LocationMatch>

    ProxyTimeout 300
    ErrorDocument 404 ${base_uri}/index.html
    Options -Indexes +FollowSymLinks

    <IfModule mod_security2.c>
        # https://github.com/SpiderLabs/ModSecurity/issues/652
        SecRuleRemoveById 200003
    </IfModule>

    <Directory "${install_dir}/www">
        DirectoryIndex index.php
        AllowOverride none
        Require all granted
        FallbackResource ${base_uri}/index.html
    </Directory>

    <Directory "${install_dir}/api">
        AllowOverride none
        Require all granted
    </Directory>

    <If "'${base_uri}' != '/'">
        RedirectMatch ^/$ ${base_uri}
    </If>
</VirtualHost>

So to add a new host I need to disable SSL on the Virtualhost and access to Centreon in plain text …

Do someone has a workaround ?

Thank you very much for your time.

Regards,

Thierry

I have the same issue. Any workaround?

I have the same issue.

Any solution ?

I have the same issue with the latest update 24.10.2

For information I have resolved this problem with add the certificate of the webserver Centreon in the CA Authority in RHEL, /etc/pki/tls/certs/ca-bundle.crt

 

I don’t know why but my certificate was in state “UNKNOWN: 500 Can't connect to (certificate verify failed)”, view with the command “curl -I https://websitecentreon”

I have the same issue with the latest update 24.10.2

@sibeasc : i add the information of the .crt in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem and restart cbd/centengine/centreon/gorgoned/httpd but no change...

I don’t have need to restart gorgoned service.
Dont’t you have the file ca-bundle.crt ?

no

/etc/pki/tls/certs/
total 12
lrwxrwxrwx. 1 root root   49 Jul 24 11:54 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55 Jul 24 11:54 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 2423 Apr  4  2023 centreon.xxx.cer
-rw-r--r--. 1 root root 1424 Apr  4  2023 centreon.xxx.crt

Are you sure of the certificate add in this file is correct ?

i notice there is two different problem in this thread:

the original (same as me) : 

SSL certificate problem: unable to get local issuer certificate for "https://centreon.XXX/centreon/api/latest/configuration/hosts".

the second problem from ​@thierry.lamoureux : 

SSL certificate problem: self-signed certificate in certificate chain for "https://centreon.XXX/centreon/api/latest/configuration/hosts".

 

@sibeasc  your solution work for the second problem but not my problem..

 

 

 

@SavCent have you refreshed your chain after the import something like

sudo cp your-ca-cert.crt /etc/pki/ca-trust/source/anchors/

sudo update-ca-trust extract

you can also do a check from your host with a

curl https://centreon.XXX/centreon/ -vvv 

 

@SavCent  For me it has worked for problem “SSL certificate problem: unable to get local issuer certificate”.

we find the solution:

we cp the caentreprise.cer is containing the intermediate certificate of the chain in /etc/pki/ca-trust/source/anchors/

update-ca-trust extract

and it’s ok

So the problem was missing the intermediate certificate.

Reply


Terms & ConditionsCookie settings