This looks odd. I thought I remembered Henrik saying that xymon doesn't test ca chains, and found this:
">_ So, we have an internal CA. So I'm guessing I need to install the CA's certificate of authority to clear this issue up? _ No, you don't. Xymon doesn't perform validation of certificate chains like curl does - essentially, Xymon behaves like curl with the "--insecure" option. Try running "xymonnet --version" to see if it is able to load the SSL library at all - you should see the SSL library version listed. If that doesn't give you a clue, run "xymoncmd xymonnet --debug HOSTNAME" and see what details it gives about why it cannot connect to the site."
(http://lists.xymon.com/pipermail/xymon/2011-August/032384.html)
But the problem in that instance was the openssl libraries not being linked into xymon, and if that were Jason's case I'd expect the godaddy certs to be failed as well. In any case, the diagnostics Henrik calls out might give a clue.
On 2013-01-24 19:39, Ralph Mitchell wrote:
It sounds like perhaps your internal CA certificate(s) are no longer available for xymon to validate the server certificates. I don't have a Fedora18 installation handy right now, but looking at CentOS 6, the CA cert bundle is part of the ca-certificates RPM:
/etc/pki/tls/certs/ca-bundle.crt
You could try adding your CA cert
pem file to the end of that file, or wherever the bundle lives.
Ralph Mitchell
On Thu, Jan 24, 2013 at 3:43 PM, Jason Chambers
<Jason.Chambers at geosoft.com> wrote:
Hi all,
I just
upgraded to Fedora 18, and now servers that have SSL signed by our internal CA is failing. The http test simply shows "SSL error" meanwhile our public (GoDaddy) certs aren't causing issues. Is there a log file I can peer into to find out why I'm getting these error messages all of a sudden?
Jason Chambers Network Administrator | Geosoft
geosoft.com [1] | blog [2] | twitter [3] | linkedIn [4] | facebook [5] | T +1 416.369.0111 #344 [6] | M +1 416.508.1410 [7]
Trending topic
on Earth Explorer: VOXI Earth Modelling [8]
Xymon mailing list
Xymon at xymon.com
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon [9]
Links:
[1] http://www.geosoft.com/ [2] http://blogs.geosoft.com/ [3] http://twitter.com/geosoft [4] http://www.linkedin.com/company/geosoft-inc. [5] http://www.facebook.com/GeosoftInc [6] tel:%2B1%20416.369.0111%20%23344 [7] tel:%2B1%20416.508.1410 [8] http://www.earthexplorer.com/2012/Introduction_of_VOXI_Earth_Modelling_techn... [9] http://lists.xymon.com/mailman/listinfo/xymon