Browsers are a pretty opaque tool for testing certificates because of caching and locally stored certificates. Try openssl:
openssl s_client -connect hostname:443 -showcerts
You should see the whole chain of certificates going back to a root cert. Are you missing an intermediate certificate? You may need to add it to the SSL config in the webserver - in Apache you can just concatenate your host cert and the intermediate.
s_client shows the status of the connection at the bottom:
Verify return code: 0 (ok)
Not 0 is an error of course.
As s_client opens a connection, you need to CTRL-C to break out (or issue an HTTP command if you wish).
Hope that helps.
But now it simply refuses to get a valid https connection from the Xymon server even though you can web-browse to it with no issues and the browser says there is a valid https/cert/connection? Is there any place in Xymon I can see why it is failing?
On Tue, Jun 27, 2017 at 3:39 PM, John Thurston <john.thurston at alaska.gov> wrote:
On 6/27/2017 11:17 AM, Zoltan Forray wrote:
We are constantly having issues with sslcert alerts going non-green even though it says the cert is fine. Related to this is there being an issue getting to the https page from the Xymon server yet I can access it just fine from my browser.
Any failure to establish an SSL connection will result in an error under sslcert. Could it be a failure to negotiate a secure connection due to an unreliable network connection?
I suggest looking in the error log on your web server. You may find severed or incomplete connection attempts.
-- Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
--
Zoltan Forray
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
Xymon Monitor Administrator
VMware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
www.ucc.vcu.edu
zforray at vcu.edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
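
The s_client check suggested at the top of this thread, as an added shell example that is not part of the original messages: it counts the certificates the server sends and extracts the "Verify return code" line so the check can run unattended. The function names, the host www.example.test and both sample outputs are constructed for illustration; code 21 is what s_client typically reports when the intermediate is missing.

```shell
# Added example, not from the thread. Both sample outputs are constructed.

# Read `openssl s_client -showcerts` output on stdin, print a one-line summary.
# Exit status: 0 = verify code 0, 1 = verify error, 2 = no certificate/result seen.
summarize_s_client() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { certs++ }   # one block per cert the server sent
        /Verify return code:/ {
            sub(/^.*Verify return code: */, "")     # leaves e.g. "21 (unable to ...)"
            code = $1
            reason = $0; sub(/^[0-9]+ */, "", reason)
        }
        END {
            if (code == "" || certs == 0) { printf "certs=%d verify=none\n", certs; exit 2 }
            printf "certs=%d verify=%s %s\n", certs, code, reason
            exit (code + 0 == 0 ? 0 : 1)
        }'
}

# Live check (needs network). stdin from /dev/null makes s_client exit without
# CTRL-C; -servername (SNI) is an addition to the command quoted in the thread.
probe() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | summarize_s_client
}

# Constructed: only the host cert is sent, so the intermediate is missing.
sample_missing_intermediate() {
    cat <<'EOF'
Certificate chain
 0 s:CN = www.example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
(placeholder body, not a real certificate)
-----END CERTIFICATE-----
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Constructed: host cert plus intermediate are sent and the chain verifies.
sample_full_chain() {
    cat <<'EOF'
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
    Verify return code: 0 (ok)
EOF
}
```

Run `probe hostname 443` from the Xymon server itself, since that host's CA store and network path are the ones the sslcert test depends on.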