[Xymon] Feature request: being able to use client certificates for network tests (NOT http)

SebA spah at syntec.co.uk
Tue Mar 19 11:49:49 CET 2019


On Mon, 18 Mar 2019 at 23:36, Bruce Ferrell <bferrell at baywinds.org> wrote:

> On 3/18/19 11:25 AM, SebA wrote:
> > I want to be able to test a TLS service that uses server and client
> > certificates, and the only way seems to be with http, but this is not
> > an http(s) service.  It would need to be configurable in protocols.cfg
> > or some other way in hosts.cfg. I tried pretending it was https and it
> > says 'SSL error' in the test output.  It doesn't create the sslcert
> > column either, or I could just disable the https test and still get
> > the certificate monitoring, which is what I wanted most anyway.
> >
> > Kind regards,
> >
> > SebA
> >
>
> What does the openssl s_client test do?
>
> openssl s_client -connect <host:port>
>
>

Hi Bruce,

When the certificate is expired the result on
openssl-1.0.2k-12.109.amzn1.x86_64 (the local server) is:
    Verify return code: 10 (certificate has expired)
However, the result on openssl-1.0.2k-12.el7.x86_64 (on the Xymon server)
is:
    Verify return code: 20 (unable to get local issuer certificate)

Once the certificate is renewed the result on both versions is:
    Verify return code: 0 (ok)

Kind regards,

SebA
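
The check discussed in this thread, as an added example that is not part of the original messages or of Xymon: it probes a non-HTTP TLS service with a client certificate and an explicit CA bundle (so the verify result does not depend on each host's default trust store), and checks expiry from the certificate itself instead of relying on verify code 10. Function names, the colour mapping and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from Xymon). Function names, the
# colour mapping and the 30-day window are assumptions.

# Extract N from s_client's "Verify return code: N (...)" line on stdin.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Only 0 is healthy and 10 is a confirmed expiry. Any other code (such as 20)
# means the chain did not verify on this host, so expiry is checked separately.
classify() {
    case "$1" in
        0)  echo green ;;
        10) echo red ;;
        '') echo clear ;;    # no verify line: the handshake never finished
        *)  echo yellow ;;
    esac
}

# Check the leaf certificate's notAfter directly, whatever the chain status.
# stdin = s_client output, $1 = warning window in days. No certificate = red.
expiry_colour() {
    if openssl x509 -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
    then echo green; else echo red; fi
}

# $1 = host:port, $2 = client cert, $3 = client key, $4 = CA bundle
check_tls() {
    out=$(openssl s_client -connect "$1" -cert "$2" -key "$3" \
            -CAfile "$4" </dev/null 2>/dev/null) || true
    code=$(printf '%s\n' "$out" | verify_code)
    echo "verify=$(classify "$code") expiry=$(printf '%s\n' "$out" | expiry_colour 30)"
}

# Constructed sample: tail of s_client output with a code quoted in the thread.
SAMPLE='    Start Time: 1552992589
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)'
echo "sample: $(classify "$(printf '%s\n' "$SAMPLE" | verify_code)")"
```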