You're right about separate entries per server - as it stands, it will ping one server. I don't know if Xymon concatenates multiple http / sslcert reports for the same server into the one column, or if each one overwrites the previous report.<div>
<br></div><div>However, it wouldn't be very hard to pass a file of urls to the script and turn the main body into a loop that pings each url and accumulating the results into https & sslcert files, then end by posting those files to Xymon.</div>
<div><br></div><div>And yes, you would want to remove the urls from the xymon hosts.cfg, otherwise xymonnet would duplicate the effort.</div><div><br></div><div>Ralph Mitchell</div><div> </div><div><div><br><div class="gmail_quote">
On Wed, Aug 7, 2013 at 7:30 PM, John D. Alexander <span dir="ltr"><<a href="mailto:JAlexander@feeneywireless.com" target="_blank">JAlexander@feeneywireless.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hey Ralph,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks for the script. I’ll give it a whirl. I’m guessing that each separate server will need to be set up with the script run against it.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Also, I suppose that I’ll need to stop the https://.... Test from the xymon hosts.cfg<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks again<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">John Alexander<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Ralph Mitchell [mailto:<a href="mailto:ralphmitchell@gmail.com" target="_blank">ralphmitchell@gmail.com</a>]
<br>
<b>Sent:</b> Tuesday, August 06, 2013 6:50 PM<br>
<b>To:</b> John D. Alexander<br>
<b>Cc:</b> <a href="mailto:xymon@xymon.com" target="_blank">xymon@xymon.com</a></span></p><div class="im"><br>
<b>Subject:</b> Re: [Xymon] SSL Certs on servers with multiple virtualhosts<u></u><u></u></div><p></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Here's that script for checking web servers. It's not rocket surgery, but it gets the job done. I needed it to be able to poke a secure web server through a proxy.<u></u><u></u></p><div><div class="h5">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Ralph Mitchell<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Tue, Aug 6, 2013 at 2:32 PM, John D. Alexander <<a href="mailto:JAlexander@feeneywireless.com" target="_blank">JAlexander@feeneywireless.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">I’m running Xymon 4.3.12 on CentOS 6.4 and monitoring a number of Apache web servers that each have multiple SSL VirtualHosts.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Xymon appears to be using the openssl s_client utility to check server certificates and since s_client is not SNI compliant, it only picks up the certificate of the first VirtualHost.
All other VirtualHosts are reported having the same certificate.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Does anyone know of a workaround (perhaps using curl) to validate SSL certificates and track expiration dates of those certificates?<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Thanks much.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#00467f">John Alexander</span></b><br>
<span style="font-size:9.0pt;font-family:"Arial","sans-serif"">Network Administrator</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
<br>_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></blockquote></div><br></div></div>