[Xymon] Intermediate cert monitoring

Ralph Mitchell ralphmitchell at gmail.com
Sat Feb 28 04:24:43 CET 2015


Having the Xymon server validate the intermediate certificates won't help
if they're missing off the server that owns the certificate.  The Xymon
server would have the certs installed and always get a match.

Where are the intermediate certs missing?  Does the web server even start
properly if it can't validate its own cert?

Ralph Mitchell



On Thu, Feb 26, 2015 at 1:51 PM, Eli via Xymon <xymon at xymon.com> wrote:

> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
> ---------- Forwarded message ----------
> From: Eli <eliap09 at yahoo.com>
> To: Mark Felder <feld at feld.me>
> Cc: xymon at xymon.com
> Date: Thu, 26 Feb 2015 11:50:43 -0700
> Subject: Re: [Xymon] Intermediate cert monitoring
> The issue was missing or not installed. As you know newer browsers doesn't
> have problem but the older one show cert error when the intermediate cert
> missing. We have bunch of cert so some time engineers forget to install the
> intermediate cert and caused issue.
>
>
> Mark Felder <feld at feld.me> wrote:
>
> What was the exact problem with the intermediate certificate? What
> should be monitored? Maybe we can come up with a way to add additional
> monitoring parameters to Xymon's SSL monitoring if we know exactly what
> should be monitored.
>
> My first guess is expiration, but I'm not sure if you can sign a cert if
> it expires after your intermediate is due to expire. The only other
> thought is if the chain was incomplete...
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150227/528777f6/attachment.html>


More information about the Xymon mailing list