Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

Problem with certificate configuration

Good morning, I installed OCS Inventory on a Red Hat Enterprise Linux Server 7.6. I have created the apache.crt and apache.key files from a company .pfx certificate and copied them to / etc / httpd / ssl. I have also created the cacert.pem file from apache.crt. I have modified the files:

httpd.conf:

Listen IP.OF.SER.VER: 443

ServerAdmin *Emails are not allowed*ISHED

ServerName NAME.OFSERVER.PUBLISHED: 443

ocsinventory-reports.conf:

uncommenting the SSLRequireSSL line

ssl.conf:

Listen 4443 https

<VirtualHost IP.OF.SER.VER: 443>

ServerName NAME.OFSERVER.PUBLISHED: 443

SSLEngine on

SSLCertificateFile /etc/httpd/ssl/apache.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache.key

If I configure the ocsinventory.ini on clients:

Server = https: //NAME.OFSERVER.PUBLISHED/ocsinventory

SSL = 1

CaBundle = cacert.pem

The inventory is collected correctly.

The problem is that if I configure the ocsinventory.ini:

Server = https: //NAME.OFSERVER.PUBLISHED/ocsinventory

SSL = 0

CaBundle =

It also collects the equipment data. Where am I failing in the configuration?
in OCS Inventory NG server for Unix by (400 points)

3 Answers

0 votes
  • PHP Version :
  • Web Server :
  • Database Server :
  • Version OCSReports:
  • 7.3.7
  • Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.3.7 mod_perl/2.0.10 Perl/v5.16.3
  • MySQL Community Server (GPL) version 5.7.18-log
  • 2.6
Any idea?
by (400 points)
0 votes
HI,

ssl.conf:

Listen 4443 https <--- one problem  here

your certificate have a cn=FQDN ?

Regards
by (5.7k points)
0 votes

I have done several tests, currently the settings I have are these:

httpd.conf:

Listen 80

ServerAdmin XXX

ServerName NAME.OFSERVER.PUBLISHED

<Directory />

    AllowOverride none

    Require all denied

</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">

    AllowOverride None

    Require all granted

</Directory>

<Directory "/var/www/html">

    Options -Indexes -FollowSymLinks

    AllowOverride None

    Require all granted

</Directory>

<Directory /usr/share>

    AllowOverride None

    Require all granted

</Directory>

ssl.conf

Listen 443 https

<VirtualHost _default_:443>

ServerName NAME OFSERVER PUBLISHED

SSLEngine on

SSLProtocol all -SSLv2 -SSLv3

SSLCertificateFile /etc/httpd/ssl/cert.crt

SSLCertificateKeyFile /etc/httpd/ssl/cert.key

</VirtualHost>  

My certificate is that of the company, I have followed the instructions to create the files .crt, key and .pem. I have also tried to create a certificate with openssl, putting in cn = NAME OFSERVER PUBLISHED. This test also works with SSL = 1. The problem remains that if I put the SSL = 0 I would also invent the equipment.

by (400 points)
 
Powered by Question2Answer
...