Yes. I view xymon's sslcert test as an expiration alert.
I've been tinkering with implementing a more thorough test via https://www.ssllabs.com/ssltest/ , but haven't done it yet. It should be doable, using their public APIs. Probably not the kind of thing you need to run for every server, but it would be nice to run it once a day, maybe, for important internet-facing servers.
g
-----Original Message----- From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Mark Felder Sent: Monday, November 09, 2015 15:25 To: xymon at xymon.com Subject: Re: [Xymon] SSL Certificate test failure
On Mon, Nov 9, 2015, at 15:18, Scot Kreienkamp wrote:
Hi there,
I am testing a site in Xymon that is testing OK, but throws an SSL error in the browser. Wondering why that was, I looked at the certificate for the site... it doesn't match the domain name of the site that's serving it, which causes the browser to display an SSL error. I was expecting Xymon to do the same. Apparently Xymon doesn't check to make sure the certificate matches the URL.
Xymon doesn't check the chain of trust or validate the hostname of the certificate. It will gladly tell you if it expires, though :)
It would be nice to teach Xymon to validate the certificate more thoroughly.
-- Mark Felder feld at feld.me
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon