Re: [xymon] sslcert

[Ryan Novosielski <novosirj (at) umdnj.edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 1/21/2011 12:17 PM, Henrik Størner wrote:
> In <f5c836b418c685568231ab13aa6b4c2f.squirrel (at) epperson.homelinux.net> "Xymon User in Richmond" <hobbit (at) epperson.homelinux.net> writes:
> 
>> On Thu, January 20, 2011 17:06, Henrik Størner wrote:
>>> OK, so you have (at least) 7 SSL-enabled services running on one host.
>>> The effect of that is rather unpredictable - when doing the "sslcert"
>>> status, I didn't think that you would have one line in hosts.cfg with
>>> multiple (different) SSL certificates. So which of the 7 certificates
>>> will show up in the "sslcert" status is unpredictable.
>>>
> 
>> I have hosts running both httpd ssl and imaps services, with separate
>> certs, and it reports both certs correctly.  I don't know if it will
>> handle status correctly, though.  The imaps certs are self-generated with
>> expirations years out.  IIRC, it has gone yellow on the httpd certs at the
>> correct time.  The https test precedes the imaps test on the hosts line,
>> and the certs are stacked in that order on the sslcert page.
> 
> I stand corrected, then - apparently I did foresee that possibility :-)

It's perfectly reasonable -- you'll run into that with any webserver
providing https that also provides imap-s, which is not that outlandish.

- -- 
- ---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |novosirj (at) umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk05wNUACgkQmb+gadEcsb7d8gCdHvGKZdqGid4NBpSVaII5l2CB
vnUAoNCanVKkhURwyTNxRvxjF4F10DsL
=NJsu
-----END PGP SIGNATURE-----