Need help configuring SSL with Nagios xi

scottwilkerson · Post by **scottwilkerson** » Tue May 22, 2012 12:56 pm

for whatever reason your key/crt aren't matching you should lcreate them again after removing the ones that are there

rm -f /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key /etc/pki/tls/private/ca.csr
rm -f ca.crt ca.key ca.csr

then

Code: Select all

openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

Finally try to restart httpd

tgfde · Post by **tgfde** » Tue May 22, 2012 2:20 pm

Ok httpd restarted ok.

But I think I continue on to the instruction and proceed with the following steps and restart httpd, httpd will not restart. Should I proceed with this?

Now that we have our key we have to tell httpd where to look for it. In your /etc/httpd/conf.d/ssl.conf , find the
SSLCertificateFile line and change these values:
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

scottwilkerson · Post by **scottwilkerson** » Tue May 22, 2012 2:37 pm

Yes, it should work fine

tgfde · Post by **tgfde** » Wed May 23, 2012 4:07 pm

Thanks everyone, I finally got SSL configured.

However, I need to disable non-SSL access. How do I do this?

Thanks.

scottwilkerson · Post by **scottwilkerson** » Wed May 23, 2012 7:43 pm

Once SSL is working you should be able to remove the following from your nagiosxi.conf

Code: Select all

#NameVirtualHost *:443
<VirtualHost *:80> # Add this line
<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios xi"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory> # Add this line
</VirtualHost>

and then restart apache

Code: Select all

service httpd restart

tgfde · Post by **tgfde** » Thu May 24, 2012 9:08 am

Hello,

I commented out the non_ssl portion on the nagiosxi.conf but still able to access nagios via http. Please see below.

###<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
## Options None
## AllowOverride None
## Order allow,deny
## Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios xi"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
###</Directory>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
</Directory>
</VirtualHost>

Alias /nagiosxi "/usr/local/nagiosxi/html"

scottwilkerson · Post by **scottwilkerson** » Thu May 24, 2012 9:14 am

Do you mean you can still access Nagios xi? ie, http://<SERVERNAME>/nagiosxi/

or do you mean the nagios core interface? ie, http://<SERVERNAME>/nagios/

tgfde · Post by **tgfde** » Thu May 24, 2012 10:32 am

Sorry for the confusion. I meant to say this, http://<SERVERNAME>/nagiosxi/.

Thanks.

scottwilkerson · Post by **scottwilkerson** » Thu May 24, 2012 1:18 pm

Did you restart apache?

Code: Select all

service httpd restart

tgfde · Post by **tgfde** » Thu May 24, 2012 1:24 pm

Yes, I did. I even clreared my browser cache and was still able to access nagiosxi via http.

Nagios Support Forum

Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi

Re: Need help configuring SSL with Nagios xi