When you use an SSL certificate that was created by your own Certificate Authority, you will see the following error in the logs when you try to login through your OAuth2 provider:
[ERROR] Error requesting accessing token: "Can't connect to server.domain.com:443
(certificate verify failed)\n\nSSL connect attempt failed error:
1416F086: SSLroutines: tls_process_server_certificate: certificate verify failed
at /opt/opsview/perl/lib/perl5/LWP/Protocol/http.pm line 50.\n"
After failing the authentication process, you will be sent back to the Opsview login page with the following error:
Authentication Error: contact administrator
The Perl module used in this process utilizes Mozilla's bundle of Certificate Authority certificates. To resolve this issue, you will need to add your CA certificate to the bundle.
- Open and edit the following file: /opt/opsview/perl/lib/perl5/Mozilla/CA/cacert.pem. You will want to add your CA cert here to the cacert.pem file.
EXAMPLE Cert ECC RootCA1
==================================
-----BEGIN CERTIFICATE-----
MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD
VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t
dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL
IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo
BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK
BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L
snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e
N9k=
-----END CERTIFICATE-----
My CA Cert # Add your CA cert here at the bottom of the file
=================================
-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIUfw2aMEK8CuUnCzX/MTkY0QbwhlEwDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlUZWNoIENp
dHkxFjAUBgNVBAoMDVN1cGVyIElUIERlcHQxEDAOBgNVBAsMB0lUIERlcHQxFzAV
IENpdHkxFjAUBgNVBAoMDVN1cGVyIElUIERlcHQxEDAOBgNVBAsMB0lUIERlcHQx
W7fTZ+X263YT2fOtYs49+nGnh6M1vheagPEoQGrBq93YueIYnwAHkeBSsjwnL+IZ
0rZYP2MRH3wxQArMKD92vXd7+i93YfYxobbDv68u/yI//jCpuol5vOZm42aku5t6
vIWSz5ENbpmkB3sjeTvNNekxXdbA+8VdReMiSylescABSlFUXAHDB4X90AB6H2zi
WQr7OblY0UuT/9nwIsi4TkpxezSd+vMLmb/eXIgGjFU2v/URPxxn7ntvmXxSMqJF
hChEjgS92g==
-----END CERTIFICATE-----Save and exit the file.
You have successfully added your CA certificate to the bundle. You can now login into Opsview through your OAuth2 provider and your SSL certificate will be correctly verified.
If you have any further questions:
- Please contact our Client Services team via the chat service box available on any of our websites or via email to support@itrsgroup.com
- Make sure you provide us:
- ANY LOG FILE OR DIAGNOSTIC
- ANY SCREENSHOT
Comments
0 comments
Please sign in to leave a comment.