Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Cannot establish communication : 500 .... (certificate verify failed)

Hello to everyone,

Firstly, sorry for my English.

I have been a bit desperate since Friday.

I have navigated through many discussions, like this one, but without a solution. And my "friend" Google doesn't give a useful clue.

My OCS agent cannot send its information by https to the OCS server.

Can someone help me, please?

My configuration :

  • Linux Ubuntu 16.04.1 on virtual machine (like the agent)
  • Apache 2.4.18
  • PHP 5.6.29-1
  • Mysql 5.7.16
  • OCS 2.3R
  • GLPI 9.1.1

It works only by http, but the problem is that I will quickly have to build a new OCS/GLPI server outside my company, so https is the only solution.

At the beginning, I created a certificate, using this method:

openssl genrsa -des3 -out server.key 1024

mv server.key server-old.key

openssl rsa -in server-old.key -out server.key

openssl req -new -key server.key -out server.csr

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

cp server.crt /etc/apache2/ssl/

cp server.key /etc/apache2/ssl/

a2ensite ssl.conf

/etc/init.d/apache2 restart

Then I changed the lines for the certificate in "/etc/apache2/sites-available/ssl.conf":

        SSLCertificateKeyFile /etc/apache2/ssl/server.key

        SSLCertificateFile /etc/apache2/ssl/server.crt

I renamed the file "server.crt" to "cacert.pem" and copied it into the agent in /var/lib/ocsinventory-agent

My certificate looks like:

-----BEGIN CERTIFICATE-----

[..................................................]

-----END CERTIFICATE-----

I modified the configuration in ocsinventory-agent.cfg:

server=https://myserverocs.com/ocsinventory
tag=myagentocs
ca=/var/lib/ocsinventory-agent/cacert.pem
basevardir=/var/lib/ocsinventory-agent
#debug=1
#logfile=/var/log/ocsinventory-agent

Moreover, I tested the certificates on an agent based on Windows seven with this configuration :

[OCS Inventory Agent]
ComProvider=ComHTTP.dll
Debug=0
Local=
NoSoftware=0
HKCU=0
NoTAG=1
IpDisc=
[HTTP]
Server=https://myserverocs.com:443/ocsinventory
SSL=1
CaBundle=C:\ProgramData\OCS Inventory NG\Agent\cacert.pem
AuthRequired=0
User=
Pwd=
ProxyType=0
Proxy=
ProxyPort=0
ProxyAuthRequired=0
ProxyUser=
ProxyPwd=
[OCS Inventory Service]
TTO_WAIT=19260
PROLOG_FREQ=24
OLD_PROLOG_FREQ=24

The result on the agent based on Windows seven :

==============================================================================
Starting OCS Inventory NG Agent on Wednesday, February 08, 2017 10:11:28.
AGENT => Running OCS Inventory NG Agent Version 2.1.1.3
AGENT => Using OCS Inventory NG FrameWork Version 2.1.1.3
AGENT => Loading plug-in(s)
AGENT => Using network connection with Communication Server
AGENT => Using Communication Provider <OCS Inventory NG cURL Communication Provider> Version <2.1.1.3>
AGENT => Sending Prolog
ERROR *** AGENT => Failed to send Prolog <Peer certificate cannot be authenticated with given CA certificates>
AGENT => Unloading communication provider
AGENT => Unloading plug-in(s)
AGENT => Execution duration: 00:00:00.

==============================================================================

But when I try to send information from an agent:

root@myserverocs:~# sudo ocsinventory-agent --debug
[debug] Ocsinventory unified agent for UNIX, Linux and MacOSX 2.0.5
[debug] Log system initialised (Stderr)
[debug] --scan-homedirs missing. Don't scan user directories
[debug] Accountinfo file: /var/lib/ocsinventory-agent/https:__frelon.intranet.sereneo.com_ocsinventory/ocsinv.adm
[debug] OCS Agent initialised
[debug] Turns hooks on for /etc/ocsinventory/modules.conf
[debug] Ocsinventory unified agent for UNIX, Linux and MacOSX 2.0.5
[debug] Log system initialised (Stderr)
[debug] Calling handlers : `start_handler'
[debug] [download] Calling download_start_handler
[debug]  - Net::SSLeay qw(die_now die_if_ssl_error) loaded
[debug] Compress::Zlib is available.
[debug] Calling handlers : `prolog_writer'
[debug] sending XML
[debug] sending: <?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>myserverocs-2017-02-06-15-42-17</DEVICEID>
  <QUERY>PROLOG</QUERY>
</REQUEST>
[error] Cannot establish communication : 500 Can't connect to myserverocs.com:443 (certificate verify failed)

Do you have any clue? Do you find any mistakes in my configuration?

Thank you in advance.

asked in OCS Inventory NG server for Unix by (200 points)

2 Answers

0 votes

Thanks in advance for your help.

I would just like to know:

  • The path to the certificate on the agent (Windows and Linux)?
    • /var/lib/ocsinventory-agent/ -> for Linux Debian agent?
    • C:\ProgramData\OCS Inventory NG\Agent -> for Windows Seven agent?

  • Is the certificate only the "server.crt" renamed to "cacert.pem", or do I also need the "server.key"?

Thank you again

answered by (200 points)
0 votes

Nobody can help me.

answered by (200 points)
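
Added example, not part of the original posts: three offline checks on the files a verifying agent depends on when a self-signed `server.crt` is deployed as `cacert.pem`, as described in the question and the first follow-up. The file names and `myserverocs.com` come from the post; the certificates, `stale.crt`, `otherhost.example` and all function names are constructed for illustration, and none of the checks reads a private key.

```sh
# Added example: all certificates below are constructed test data in a temp dir.
WORK=$(mktemp -d)

# Self-signed certificate, built like the post's server.crt; CN is the 2nd argument.
make_cert() {  # make_cert <name> <common-name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" 2>/dev/null
}

# SHA-256 fingerprint of a PEM certificate.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Check 1: is the agent's cacert.pem the same certificate the server presents?
same_cert() { [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; }

# Check 2: does the served certificate verify against the agent's CA file?
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Check 3: does the certificate name match the host in the agent's server= URL?
# (The verdict is read from the line that -checkhost prints.)
matches_host() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }

# diagnose <served.crt> <agent cacert.pem> <host>: one verdict per check.
diagnose() {
  if same_cert "$1" "$2"; then r="copy=same"; else r="copy=differs"; fi
  if chains_to "$2" "$1"; then r="$r chain=ok"; else r="$r chain=fail"; fi
  if matches_host "$1" "$3"; then r="$r host=ok"; else r="$r host=mismatch"; fi
  echo "$r"
}

make_cert server myserverocs.com          # what Apache serves
cp "$WORK/server.crt" "$WORK/cacert.pem"  # the renamed copy given to the agent
make_cert stale myserverocs.com           # hypothetical older cert left on an agent

diagnose "$WORK/server.crt" "$WORK/cacert.pem" myserverocs.com    # all three pass
diagnose "$WORK/server.crt" "$WORK/stale.crt"  myserverocs.com    # wrong file deployed
diagnose "$WORK/server.crt" "$WORK/cacert.pem" otherhost.example  # name mismatch
```

Against a live server, the certificate to pass as the first argument can be saved from the output of `openssl s_client -connect myserverocs.com:443 -showcerts </dev/null`.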
 