[Xymon] SSL Certs on servers with multiple virtualhosts

Ralph Mitchell ralphmitchell at gmail.com
Thu Aug 8 02:41:22 CEST 2013


You're right about separate entries per server - as it stands, it will ping
one server.  I don't know if Xymon concatenates multiple http / sslcert
reports for the same server into the one column, or if each one overwrites
the previous report.

However, it wouldn't be very hard to pass a file of urls to the script and
turn the main body into a loop that pings each url and accumulating the
results into https & sslcert files, then end by posting those files to
Xymon.

And yes, you would want to remove the urls from the xymon hosts.cfg,
otherwise xymonnet would duplicate the effort.

Ralph Mitchell


On Wed, Aug 7, 2013 at 7:30 PM, John D. Alexander <
JAlexander at feeneywireless.com> wrote:

>  Hey Ralph,****
>
> ** **
>
> Thanks for the script.  I’ll give it a whirl.  I’m guessing that each
> separate server will need to be set up with the script run against it.****
>
> Also, I suppose that I’ll need to stop the https://....  Test from the
> xymon hosts.cfg****
>
> ** **
>
> Thanks again****
>
> ** **
>
> John Alexander****
>
> ** **
>
> ** **
>
> *From:* Ralph Mitchell [mailto:ralphmitchell at gmail.com]
> *Sent:* Tuesday, August 06, 2013 6:50 PM
> *To:* John D. Alexander
> *Cc:* xymon at xymon.com
>
> *Subject:* Re: [Xymon] SSL Certs on servers with multiple virtualhosts****
>
> ** **
>
> Here's that script for checking web servers.  It's not rocket surgery, but
> it gets the job done.  I needed it to be able to poke a secure web server
> through a proxy.****
>
> ** **
>
> Ralph Mitchell****
>
> ** **
>
> On Tue, Aug 6, 2013 at 2:32 PM, John D. Alexander <
> JAlexander at feeneywireless.com> wrote:****
>
>  ****
>
> I’m running Xymon 4.3.12 on CentOS 6.4 and monitoring a number of Apache
> web servers that each have multiple SSL VirtualHosts.****
>
>  ****
>
> Xymon appears to be using the openssl s_client utility to check server
> certificates and since s_client is not SNI compliant, it only picks up the
> certificate of the first VirtualHost.  All other VirtualHosts are reported
> having the same certificate.****
>
>  ****
>
> Does anyone know of a workaround (perhaps using curl) to validate SSL
> certificates and track expiration dates of those certificates?****
>
>  ****
>
> Thanks much.****
>
>  ****
>
> *John Alexander*
> Network Administrator****
>
>  ****
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon****
>
> ** **
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130807/5871a733/attachment.html>


More information about the Xymon mailing list