Hi,
This is for the sslcert service:
I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one?
start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago
Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
Hi Frank,
Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg.
Kind regards, SebA
On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net> wrote:
Hi,This is for the sslcert service:
I have xymon monitoring a web site where the certificate has beenchanged twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one?
start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago
Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/ CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/ CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
My Windows machine + Chrome believes that certificate is good until 2019...
https://i.imgur.com/JiSHntT.png
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Tue, Jan 9, 2018 at 11:19 AM, SebA <spah at syntec.co.uk> wrote:
Hi Frank,
Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/ hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg.
Kind regards, SebA
On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net> wrote:
Hi,This is for the sslcert service:
I have xymon monitoring a web site where the certificate has beenchanged twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one?
start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago
Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN= serv1.thesweetbasket.com/emailAddress=frank at canasoft.net start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1. thesweetbasket.com/emailAddress=frank at canasoft.net signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Your Windows machine + Chrome is using SNI.
On 9 January 2018 at 16:25, Josh Luthman <josh at imaginenetworksllc.com> wrote:
My Windows machine + Chrome believes that certificate is good until 2019...
https://i.imgur.com/JiSHntT.png
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> Suite 1337 <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> Troy, OH 45373 <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>
On Tue, Jan 9, 2018 at 11:19 AM, SebA <spah at syntec.co.uk> wrote:
Hi Frank,
Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts. cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg.
Kind regards, SebA
On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net> wrote:
Hi,This is for the sslcert service:
I have xymon monitoring a web site where the certificate has beenchanged twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one?
start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago
Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1 .thesweetbasket.com/emailAddress=frank at canasoft.net start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1. thesweetbasket.com/emailAddress=frank at canasoft.net signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
After trial and error: This is what worked:
https://www.thesweetbasket.com/en/ sni
On 1/9/18 11:41, SebA wrote:
Your Windows machine + Chrome is using SNI.
On 9 January 2018 at 16:25, Josh Luthman <josh at imaginenetworksllc.com <mailto:josh at imaginenetworksllc.com>> wrote:
My Windows machine + Chrome believes that certificate is good until 2019... https://i.imgur.com/JiSHntT.png <https://i.imgur.com/JiSHntT.png> Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> Suite 1337 <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> Troy, OH 45373 <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> On Tue, Jan 9, 2018 at 11:19 AM, SebA <spah at syntec.co.uk <mailto:spah at syntec.co.uk>> wrote: Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com <http://www.thesweetbasket.com> resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html <http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html> But, the short answer is you can probably just add the sni tag to your host in hosts.cfg. Kind regards, SebA On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net <mailto:ve2cii at canasoft.net>> wrote: Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ <https://www.thesweetbasket.com/en/> expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net <mailto:subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net> start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net <mailto:issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net> signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadmcronomagic.com/gemstelecom.com <http://cronomagic.com/gemstelecom.com> e-mailve2cii at canasoft.net <mailto:ve2cii at canasoft.net> POWERED BY LINUX _______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon <http://lists.xymon.com/mailman/listinfo/xymon> _______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon <http://lists.xymon.com/mailman/listinfo/xymon>
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
I was able to configure the rest of the sites I wanted, and all is working properly. Thank you!.
On 1/9/18 11:49, Frank wrote:
After trial and error: This is what worked:
https://www.thesweetbasket.com/en/ sni
On 1/9/18 11:41, SebA wrote:
Your Windows machine + Chrome is using SNI.
On 9 January 2018 at 16:25, Josh Luthman <josh at imaginenetworksllc.com <mailto:josh at imaginenetworksllc.com>> wrote:
My Windows machine + Chrome believes that certificate is good until 2019... https://i.imgur.com/JiSHntT.png <https://i.imgur.com/JiSHntT.png> Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> Suite 1337 <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> Troy, OH 45373 <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g> On Tue, Jan 9, 2018 at 11:19 AM, SebA <spah at syntec.co.uk <mailto:spah at syntec.co.uk>> wrote: Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com <http://www.thesweetbasket.com> resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html <http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html> But, the short answer is you can probably just add the sni tag to your host in hosts.cfg. Kind regards, SebA On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net <mailto:ve2cii at canasoft.net>> wrote: Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ <https://www.thesweetbasket.com/en/> expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net <mailto:subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net> start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net <mailto:issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net> signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadmcronomagic.com/gemstelecom.com <http://cronomagic.com/gemstelecom.com> e-mailve2cii at canasoft.net <mailto:ve2cii at canasoft.net> POWERED BY LINUX _______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon <http://lists.xymon.com/mailman/listinfo/xymon> _______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon <http://lists.xymon.com/mailman/listinfo/xymon>--
sysadm cronomagic.com/gemstelecom.com e-mailve2cii at canasoft.net
POWERED BY LINUX
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
I tried this an no go. Not sure if I am doing this correctly as the hosts.cfg file is not clear:
https://www.thesweetbasket.com/en/;sni;
sni;https://www.thesweetbasket.com/en/
On 1/9/18 11:19, SebA wrote:
Hi Frank,
Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com <http://www.thesweetbasket.com> resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg.
Kind regards, SebA
On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net <mailto:ve2cii at canasoft.net>> wrote:
Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ <https://www.thesweetbasket.com/en/> expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net <mailto:subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net> start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net <mailto:issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=frank at canasoft.net> signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadmcronomagic.com/gemstelecom.com <http://cronomagic.com/gemstelecom.com> e-mailve2cii at canasoft.net <mailto:ve2cii at canasoft.net> POWERED BY LINUX _______________________________________________ Xymon mailing list Xymon at xymon.com <mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon <http://lists.xymon.com/mailman/listinfo/xymon>
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
It's a separate tag - you need a space between sni and the URL.
On 9 January 2018 at 16:44, Frank <ve2cii at canasoft.net> wrote:
I tried this an no go. Not sure if I am doing this correctly as thehosts.cfg file is not clear:
https://www.thesweetbasket.com/en/;sni;
sni;https://www.thesweetbasket.com/en/
On 1/9/18 11:19, SebA wrote:
Hi Frank,
Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/ hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg.
Kind regards, SebA
On 9 January 2018 at 16:06, Frank <ve2cii at canasoft.net> wrote:
Hi,This is for the sslcert service:
I have xymon monitoring a web site where the certificate has beenchanged twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one?
start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago
Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN= serv1.thesweetbasket.com/emailAddress=frank at canasoft.net start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1. thesweetbasket.com/emailAddress=frank at canasoft.net signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
--
sysadm cronomagic.com/gemstelecom.com e-mail ve2cii at canasoft.net
POWERED BY LINUX
participants (3)
-
josh@imaginenetworksllc.com
-
spah@syntec.co.uk
-
ve2cii@canasoft.net