https failure in 4.3.4, not in 4.2.3

31 Aug 2011

      I upgraded my last xymon server from 4.2.3 to 4.3.4 this morning. It went well, except for one little thing. https tests.
I found that my proxy machines just ran http tests, but my main server runs https tests. An oversight I'm now correcting. How I found this is that my tests are now failing:
red Wed Aug 31 09:21:47 2011: 
red https://iadnasp1.mns.qintra.com/ - 

Seconds:     0.06
If I run a curl on the site, I get:
$ curl https://iadnasp1
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Using the --insecure works correctly.
So, we have an internal CA. So I'm guessing I need to install the CA's certificate of authority to clear this issue up?
Where do I do that?
Paul.
Paul Root    - Engineer III  - Qwest is now CenturyLink
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

Paul.Root＠CenturyLink.com

henrik＠hswn.dk

Paul.Root＠CenturyLink.com

henrik＠hswn.dk

Paul.Root＠CenturyLink.com

tags

participants (2)