Hi, I had this problem once. You have to get your root CA and copy it to your default CA certificates directory on your Nagios server (on RedHat it is /etc/openldap/cacerts) or copy it where ever you want and add the line "TLS_CACERT /path/to/my/root/CA.pem" to your openldap configuration file.
It solved my problem. Marc-André On Fri, 2011-09-30 at 18:39 +0000, f.h...@comcast.net wrote: > I have been able to get check_ldap to work fine over the clear on port > 389. When I try to use ssl 636 it fails. It can't verify the cert > since it is our own CA and not a comercial CA that signed the cert. > > This is the error I get: > <SNIP> > ldap_bind: Can't contact LDAP server (-1) > additional info: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > Could not bind to the LDAP server > </SNIP> > > I am certain that it is the trust of the cert that is the problem. I > have googled this for half the day looking for the method to insert > our Root CA as trusted, but have had no luck. Anyone been able to > accomplish this? Think of it as a self signed cert installad on our > AD domain controllers. > > -paul > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2dcopy2 > _______________________________________________ Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include > Nagios version, plugin version (-v) and OS when reporting any issue. ::: > Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null