On Mon, 18 Mar 2019 at 23:36, Bruce Ferrell <bferrell at baywinds.org> wrote:
On 3/18/19 11:25 AM, SebA wrote:
I want to be able to test a TLS service that uses server and client certificates, and the only way seems to be with http, but this is not an http(s) service. It would need to be configurable in protocols.cfg or some other way in hosts.cfg. I tried pretending it was https and it says 'SSL error' in the test output. It doesn't create the sslcert column either, or I could just disable the https test and still get the certificate monitoring, which is what I wanted most anyway.
Kind regards,
SebA
What does the openssl s_client test do?
openssl s_client -connect <host:port>
Hi Bruce,
When the certificate is expired the result on openssl-1.0.2k-12.109.amzn1.x86_64 (the local server) is:
Verify return code: 10 (certificate has expired)
However, the result on openssl-1.0.2k-12.el7.x86_64 (on the Xymon server) is:
Verify return code: 20 (unable to get local issuer certificate)
Once the certificate is renewed the result on both versions is:
Verify return code: 0 (ok)
Kind regards,
SebA
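
The following sketch is an added example, not part of the thread and not Xymon code. It shows one way to script the s_client check for a service that needs a client certificate: read the verify return code, and read expiry from the served certificate itself, since code 20 reports a missing issuer on the checking host rather than the certificate's dates. The function names, status words and the sample transcript are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names, status words and SAMPLE_EXPIRED are constructed.

# Constructed excerpt of s_client output for an expired certificate.
SAMPLE_EXPIRED='    Start Time: 1552950000
    Timeout   : 300 (sec)
    Verify return code: 10 (certificate has expired)'

# Read s_client output on stdin and print the numeric verify return code.
# The line is indented in real output; keep only the first match.
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Map the codes quoted in the thread to a status word.
classify_code() {
    case "$1" in
        0)  echo ok ;;               # chain verified
        10) echo expired ;;          # certificate has expired
        20) echo untrusted-chain ;;  # issuer not found locally; expiry not established
        *)  echo unknown ;;          # no code found or a code not handled here
    esac
}

# Usage: check_tls host:port client-cert.pem client-key.pem [days]
# Prints "<status> <expiry>", where expiry comes from the certificate itself.
check_tls() {
    target=$1; cert=$2; key=$3; days=${4:-30}
    out=$(openssl s_client -connect "$target" -cert "$cert" -key "$key" \
          </dev/null 2>/dev/null)
    code=$(printf '%s\n' "$out" | verify_code)
    # s_client prints the server certificate as a PEM block; x509 reads the
    # first PEM block on stdin and -checkend tests its notAfter date.
    if printf '%s\n' "$out" |
       openssl x509 -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        expiry="valid-beyond-${days}d"
    else
        expiry="expires-within-${days}d-or-unreadable"
    fi
    echo "$(classify_code "$code") $expiry"
}
```

Call `check_tls` from a cron job or an external test script on the monitoring host; nothing runs when the file is only sourced.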