[Xymon] SSL Error after upgrading to Fedora 18

Ralph Mitchell ralphmitchell at gmail.com
Fri Jan 25 17:11:22 CET 2013


Try handing curl the CA cert for your internal CA:

     curl -v --cacert path_to_your_CA_cert.pem https://server.domain.com

Ralph Mitchell


On Fri, Jan 25, 2013 at 10:27 AM, Jason Chambers <Jason.Chambers at geosoft.com
> wrote:

> I think there might be a bug in OpenSSL in this build of Fedora 18 (which
> I have updated.) I ran the command you gave me and I'm getting this:
>
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 172 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> Which is suggesting that there isn't an SSL certificate there. Yet when I
> curl the location:
>
> curl: (60) Peer's Certificate issuer is not recognized.
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
>  of Certificate Authority (CA) public keys (CA certs). If the default
>  bundle file isn't adequate, you can specify an alternate file
>  using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
>  the bundle, the certificate verification probably failed due to a
>  problem with the certificate (it might be expired, or the name might
>  not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
>  the -k (or --insecure) option.
>
>
> Would this be everyone elses conclusion as well?
>
>
> Jason Chambers
> Network Administrator | Geosoft
> geosoft.com | blog | twitter | linkedIn | facebook | T +1 416.369.0111
> #344 | M +1 416.508.1410
>
> Trending topic on Earth Explorer: VOXI Earth Modelling
>
> -----Original Message-----
> From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf
> Of Henrik Størner
> Sent: January-25-13 1:38 AM
> To: xymon at xymon.com
> Subject: Re: [Xymon] SSL Error after upgrading to Fedora 18
>
> On 24-01-2013 21:43, Jason Chambers wrote:
> > I just upgraded to Fedora 18, and now servers that have SSL signed by
> > our internal CA is failing. The http test simply shows "SSL error"
> > meanwhile our public (GoDaddy) certs aren't causing issues. Is there a
> > log file I can peer into to find out why I'm getting these error
> > messages all of a sudden?
>
> No logfile, but try running "openssl s_client -connect IPADDRESS:PORT".
> This performs a connect and SSL handshake, which is basically the same as
> what Xymon does.
>
> I suppose the standard openssl.cnf is used by OpenSSL when Xymon uses the
> SSL libraries. Perhaps some defaults changed in relation to how openssl
> performs automatic certificate validation ? Would surprise me, though.
>
>
> Regards,
> Henrik
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130125/0460924c/attachment.html>


More information about the Xymon mailing list