How to debug "SSL error" on https test(s)?
Hey everyone-
So a recent web server I have configured is causing Xymon to get an "SSL Error". Even with DEBUG enabled in xymonnet, I don't see anything useful.
All I see is,
32183 2019-04-23 15:14:54.869387 Calc http color host morn.rgd.mcw.edu : 32183 2019-04-23 15:14:54.869389 https://scge.mcw.edu/(red) 32183 2019-04-23 15:14:54.869391 --> red 32183 2019-04-23 15:14:54.869393 Adding to combo msg: status+30 morn,rgd,mcw,edu.http red Tue Apr 23 15:14:52 2019: SSL error
In other words, even with debug enabled, all I see is "SSL error". When I connect to the site with any browser, there are no SSL or certificate issues. In fact, I have dozens of apache web sites all with certs. But this one is causing me fits and I don't know why.
ANY help getting "more" debug info would be super appreciated!
Thanks all --Kent
I was able to look at your cert with this: echo | openssl s_client -connect scge.mcw.edu:443
I got no errors. If you run this from the xymonnet host, do you see errors?
I see you're using a cert from InCommon. Are your other tests from that same xymonnet server succeeding using InCommon certs?
HTH, Dave
On Wed, 24 Apr 2019, Brodie, Kent wrote:
Hey everyone—
So a recent web server I have configured is causing Xymon to get an “SSL Error”. Even with DEBUG enabled in xymonnet, I don’t see anything useful.
All I see is,
32183 2019-04-23 15:14:54.869387 Calc http color host morn.rgd.mcw.edu : 32183 2019-04-23 15:14:54.869389 https://scge.mcw.edu/(red) 32183 2019-04-23 15:14:54.869391 --> red
32183 2019-04-23 15:14:54.869393 Adding to combo msg: status+30 morn,rgd,mcw,edu.http red Tue Apr 23 15:14:52 2019: SSL error
In other words, even with debug enabled, all I see is “SSL error”. When I connect to the site with any browser, there are no SSL or certificate issues. In fact, I have dozens of apache web sites all with certs. But this one is causing me fits and I don’t know why.
ANY help getting “more” debug info would be super appreciated!
Thanks all --Kent
I was able to look at your cert with this: echo | openssl s_client -connect scge.mcw.edu:443
I got no errors. If you run this from the xymonnet host, do you see errors?
I see you're using a cert from InCommon. Are your other tests from that same xymonnet server succeeding using InCommon certs?
That command works great from the xymon host. We have DOZENS of incommon certs all over. They all work without issue. The CSR's are all generated with the same script, the certs all come from the same corporate-licensed source for Incommon.
My question remains.... is it possible to get more debugging from XYMONNET....??? Hoping to heck that can somehow TELL me what the "SSL Error" is..?
On 4/24/2019 9:20 AM, Brodie, Kent wrote:
So a recent web server I have configured is causing Xymon to get an “SSL Error”. Even with DEBUG enabled in xymonnet, I don’t see anything useful.
I'd be trying to do with with xymoncmd xymonnet --no-update --debug hostname
Then I can play with the various --ssl options to see if they made any difference.
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Department of Administration State of Alaska
I'd be trying to do with with xymoncmd xymonnet --no-update --debug hostname
Then I can play with the various --ssl options to see if they made any difference.
And now it's green. **And I've changed nothing**
I am writing this off to "solar flares".
That said, thank you for the info, THAT gave me useful debugging. I will file that for future use.
participants (3)
-
brodie@mcw.edu
-
doughnut@doughnut.net
-
john.thurston@alaska.gov