On 31/07/2019 13:00, David Hickenbottom wrote:
Hi,
First of all Thank You!? This is a fantastic product.? I have two problems.? The first is with regards to SSL monitoring.? I have a group of 20 or so webservers.? Half monitor the SSL certificate correctly, the others act like they do not see one.
It looks good from every way I can look at it, but Xymon is not happy!
Is there a way for me to see what is going on? Bit of a guess here: do you need to use SNI (https://en.wikipedia.org/wiki/Server_Name_Indication) for the hosts where the test fails? Assuming this is the built in sslcert test performed by xymonnet, you can run it yourself with e.g.
/usr/lib/xymon/server/bin/xymonnet pr26.imbills.com --noping --no-update
where --no-update will print the test output to stdout rather than reporting to your xymon server. (NB that'll run all the xymonnet tests, not just sslcert) If you need SNI, you can add --sni=on to that command as a test, and/or add "sni" to the relevant line in hosts.cfg.
You can also add --debug to the above xymonnet command, which might or might not give you information about the failure.
Adam