[Xymon] SSL Certificate test failure
Ribeiro, Glauber
glauber.ribeiro at experian.com
Wed Nov 11 21:23:02 CET 2015
Yes. I view xymon's sslcert test as an expiration alert.
I've been tinkering with implementing a more thorough test via https://www.ssllabs.com/ssltest/ , but haven't done it yet. It should be doable, using their public APIs. Probably not the kind of thing you need to run for every server, but it would be nice to run it once a day, maybe, for important internet-facing servers.
g
-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Mark Felder
Sent: Monday, November 09, 2015 15:25
To: xymon at xymon.com
Subject: Re: [Xymon] SSL Certificate test failure
On Mon, Nov 9, 2015, at 15:18, Scot Kreienkamp wrote:
> Hi there,
>
> I am testing a site in Xymon that is testing OK, but throws an SSL error
> in the browser. Wondering why that was, I looked at the certificate for
> the site... it doesn't match the domain name of the site that's serving
> it, which causes the browser to display an SSL error. I was expecting
> Xymon to do the same. Apparently Xymon doesn't check to make sure the
> certificate matches the URL.
>
Xymon doesn't check the chain of trust or validate the hostname of the
certificate. It will gladly tell you if it expires, though :)
It would be nice to teach Xymon to validate the certificate more
thoroughly.
--
Mark Felder
feld at feld.me
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
More information about the Xymon
mailing list