Articles > Linux
Printer Friendly Version
Views: 4627

Nagios XI (CentOS 7) AD Integration Error: unable to get local issuer certificate

Last Updated: 5/1/20

Problem:

Could not login to Nagiox XI web application running on CentOS 7 using my Active Directory (AD) credentials.

Error message:

If I choose "import users from AD" and enter my credentials I get this error:
Unable to authenticate: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)

ran this command to confirm the problem:
openssl s_client -showcerts -connect server-name.domain.tld:636


CONNECTED(00000003)
depth=0 CN = server-name.domain.tld
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = server-name.domain.tld
verify error:num=21:unable to verify the first certificate
verify return:1

 

Solution:

used filezilla to copy my CA cert to both of these folders:
/etc/pki/CA/certs
/etc/pki/ca-trust/source/anchors

*Not sure which folder it actually needed to be in.

then I ran this command:
update-ca-trust force-enable

then I tested with openssl:
openssl s_client -showcerts -connect server-name.domain.tld:636

no errors.

tested with Nagiox XI login using AD credentials: successful


CentOS Linux release 7.7.1908 (Core)





Keywords: none