Hello,
we are trying to migrate our connection with Active Directory to Active Directory with a certificate, but we get the below error after enabling SSL/TLS:
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldaps://192.168.0.11)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.0.11:636
ldap_new_socket: 20
ldap_prepare_socket: 20
ldap_connect_to_host: Trying 192.168.0.11:636
ldap_pvt_connect: fd: 20 tm: -1 async: 0
attempting to connect:
connect success
TLS: warning: cacertdir not implemented for gnutls
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
[Wed Dec 30 11:44:39.671283 2020] [php7:warn] [pid 851] [client 192.168.241.52:64578] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: https://nagios.hq.aegeanair.com/nagiosx ... /index.php
We have imported the CA certificate into Nagios XI, as you can see in the attached image.
Thank you
Nagios xi Active directory LDAPS
-
- Support Tech
Re: Nagios xi Active directory LDAPS
What OS is XI installed on, and what version of OpenSSL is it using (run "openssl version" on the command line)?
I'd like to verify what certificate the server is sending XI. To get this, please run:
Code: Select all
yum -y install tcpdump    # or: apt-get install tcpdump, depending on OS
tcpdump -s 0 -i any host 192.168.0.11 -w output.pcap
Let this run while you reproduce the logged message. Use CTRL+C to stop the tcpdump and send the output.pcap to me in a private message.
As a workaround, try editing /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf and add the line:
Code: Select all
TLS_REQCERT allow
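Added example, not part of the thread or of Nagios XI: a shell audit of an ldap.conf for the two settings this thread turns on, the TLS_REQCERT level (levels as documented in ldap.conf(5)) and whether a CA is supplied as a TLS_CACERT file rather than only as a directory, which the GnuTLS build in the log does not implement. The function names and the sample config are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an ldap.conf for its TLS settings.

# Value of a directive; names are case-insensitive, the last occurrence is
# taken (assumption), and '#' comment lines are skipped.
ldap_conf_get() {  # $1 = file, $2 = directive
    awk -v key="$2" '/^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { print val }' "$1"
}

# Prints one finding per line; returns 1 when an untrusted server
# certificate would still be accepted, 0 otherwise.
audit_ldap_conf() {
    conf=$1; status=0
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    cacertdir=$(ldap_conf_get "$conf" TLS_CACERTDIR)
    case ${reqcert:-demand} in   # demand is the documented default
        never|allow) echo "WEAK: TLS_REQCERT $reqcert proceeds despite a bad server certificate"; status=1 ;;
        try|demand|hard) echo "OK: TLS_REQCERT ${reqcert:-demand} ends the session on a bad certificate" ;;
        *) echo "UNKNOWN: TLS_REQCERT $reqcert"; status=1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "MISSING: no TLS_CACERT file set"
        if [ -n "$cacertdir" ]; then
            echo "NOTE: only TLS_CACERTDIR is set; the log shows the GnuTLS build does not implement it"
        fi
    elif [ ! -r "$cacert" ]; then
        echo "MISSING: TLS_CACERT $cacert is not readable"
    else
        echo "OK: TLS_CACERT $cacert"
    fi
    return $status
}

# Constructed sample config: workaround applied, CA given only as a directory.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'TLS_CACERTDIR /etc/ssl/certs' 'TLS_REQCERT allow' > "$sample"
audit_ldap_conf "$sample" || echo "=> point TLS_CACERT at the AD CA file, then drop the workaround"
rm -f "$sample"
```

A non-zero return means the client would complete the LDAPS bind even when the server certificate fails validation, so the "peer cert untrusted" condition in the log would go unnoticed.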