[Xymon] https failure in 4.3.4, not in 4.2.3

Root, Paul Paul.Root at CenturyLink.com
Wed Aug 31 16:25:34 CEST 2011


I upgraded my last xymon server from 4.2.3 to 4.3.4 this morning. It went well, except for one little thing. https tests.

I found that my proxy machines just ran http tests, but my main server runs https tests. An oversight I'm now correcting. How I found this is that my tests are now failing:



red Wed Aug 31 09:21:47 2011: 

red https://iadnasp1.mns.qintra.com/ - 


Seconds:     0.06



If I run a curl on the site, I get:

$ curl https://iadnasp1
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Using the --insecure works correctly.

So, we have an internal CA. So I'm guessing I need to install the CA's certificate of authority to clear this issue up?
Where do I do that?

Paul.





Paul Root    - Engineer III  - Qwest is now CenturyLink



This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.



More information about the Xymon mailing list