Thanks for the info. You lead me in the right direction. Once I figured out the format of the default ca-bundle.crt, I added my corporation's intermediate and root certs. I then added that file and path to the openldap config file as you mention, and I was in business.
-prp -----Original Message----- From: Marc-André Doll [mailto:[email protected]] Sent: Monday, October 03, 2011 1:45 AM To: [email protected] Subject: Re: [Nagios-users] Certificate problems with check_ldap Hi, I had this problem once. You have to get your root CA and copy it to your default CA certificates directory on your Nagios server (on RedHat it is /etc/openldap/cacerts) or copy it where ever you want and add the line "TLS_CACERT /path/to/my/root/CA.pem" to your openldap configuration file. It solved my problem. Marc-André On Fri, 2011-09-30 at 18:39 +0000, [email protected] wrote: > I have been able to get check_ldap to work fine over the clear on port > 389. When I try to use ssl 636 it fails. It can't verify the cert > since it is our own CA and not a comercial CA that signed the cert. > > This is the error I get: > <SNIP> > ldap_bind: Can't contact LDAP server (-1) > additional info: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Could > not bind to the LDAP server </SNIP> > > I am certain that it is the trust of the cert that is the problem. I > have googled this for half the day looking for the method to insert > our Root CA as trusted, but have had no luck. Anyone been able to > accomplish this? Think of it as a self signed cert installad on our > AD domain controllers. > > -paul > > ---------------------------------------------------------------------- > -------- All of the data generated in your IT infrastructure is > seriously valuable. > Why? It contains a definitive record of application performance, > security threats, fraudulent activity, and more. Splunk takes this > data and makes sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2dcopy2 > _______________________________________________ Nagios-users mailing > list [email protected] > https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please > include Nagios version, plugin version (-v) and OS when reporting any > issue. ::: Messages without supporting info will risk being sent to > /dev/null ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
