Wazuh API "wrong credentials"
774 views
Skip to first unread message
C. Dees
Jan 28, 2020, 2:15:38 PM1/28/20
to Wazuh mailing list
Configured ELK stack for security, followed guide and the primary elk node is online.
Attempted to secure the WAZUH API but receiving "wrong credentials" error, confirmed the user:pass is good, as I was able to use it to get to https://<wazuh-manager-ip>:55000 on my browser and authenticate with the credentials.
When attempting from Wazuh Manager to "CURL -u <wazuh-api-username>:<password> -XGET https://<wazuh-manager-ip>:55000?pretty" I am receiving "Curl 60 SSL Certificate problem, unable to get local issuer certificate.
When attempting from the ELK stack "CURL -u <wazuh-api-username>:<password> -XGET https://<wazuh-manager-ip>:55000?pretty" I am receiving "Curl 60 SSL certificate problem, self signed certificate.
The Wazuh manager starts and runs fine, it's just the Wazuh API I cannot seem to nail down.
C. Dees
Jan 28, 2020, 2:21:44 PM1/28/20
to Wazuh mailing list
I also followed the steps for creating CA on the server, created the CA chain, and wazuh manager certificate and key, located them in /var/ossec/configuration/ssl/
opened config.js and unmarked config.https lines and edited the following:
// Use HTTP protocol over TLS/SSL. Values: yes, no.
config.https = "yes";
// Use HTTP authentication. Values: yes, no.
config.basic_auth = "yes";
config.https = "yes";
// Use HTTP authentication. Values: yes, no.
config.basic_auth = "yes";
config.https_key = "/var/ossec/api/configuration/ssl/wazuh-manager.key"
config.https_cert = "/var/ossec/api/configuration/ssl/wazuh-manager.crt"
config.https_use_ca = "yes"
config.https_ca = "/var/ossec/api/configuration/ssl/ca-chain.crt"
config.https_cert = "/var/ossec/api/configuration/ssl/wazuh-manager.crt"
config.https_use_ca = "yes"
config.https_ca = "/var/ossec/api/configuration/ssl/ca-chain.crt"
C. Dees
Jan 28, 2020, 2:41:43 PM1/28/20
to Wazuh mailing list
I fixed it, I had gone back through the steps for securing the Wazuh api. I followed the second part for manually setting up https again, and I believe I needed to change these settings to the following.
config.https_key = "/var/ossec/api/configuration/ssl/server.key"
config.https_cert = "/var/ossec/api/configuration/ssl/server.crt"
config.https_use_ca = "no"
//config.https_ca
config.https_cert = "/var/ossec/api/configuration/ssl/server.crt"
config.https_use_ca = "no"
//config.https_ca
On Tuesday, January 28, 2020 at 1:15:38 PM UTC-6, C. Dees wrote:
Daniel Melgarejo
Jan 29, 2020, 2:17:51 AM1/29/20
to Wazuh mailing list
Hi C.Dees
Are you still having trouble with the API credentials? I saw a post from another user who had a similar problem. Do click in the link to know more about that. I think the final part is the most interesting:
And then, setup a password and restart the wazuh-api service
Thank you for sharing the steps you did. For sure, they will be very useful.
He changed https for http in the url. I recommend you do this step first.
If that does not work, you can follow these steps:
cd to /var/ossec/api/configuration/auth
sudo node htpasswd -c user myUserName I hope you find this information useful.
Best regards,
Daniel
Reply all
Reply to author
Forward
0 new messages