[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xymon] sslcert



On Fri, January 21, 2011 12:17, Henrik Størner wrote:
> In <f5c836b418c685568231ab13aa6b4c2f.squirrel (at) epperson.homelinux.net>
> "Xymon User in Richmond" <hobbit (at) epperson.homelinux.net> writes:
>
>> On Thu, January 20, 2011 17:06, Henrik Størner wrote:
>>> OK, so you have (at least) 7 SSL-enabled services running on one
>>> host. The effect of that is rather unpredictable - when doing the
>>> "sslcert" status, I didn't think that you would have one line in
>>> hosts.cfg with multiple (different) SSL certificates. So which of the
>>>  7 certificates will show up in the "sslcert" status is
>>> unpredictable.
>>>
>>>
>
>> I have hosts running both httpd ssl and imaps services, with separate
>> certs, and it reports both certs correctly.  I don't know if it will
>> handle status correctly, though.  The imaps certs are self-generated
>> with expirations years out.  IIRC, it has gone yellow on the httpd
>> certs at the correct time.  The https test precedes the imaps test on
>> the hosts line, and the certs are stacked in that order on the sslcert
>> page.
>
> I stand corrected, then - apparently I did foresee that possibility :-)
>

I understand:  I often turn out to have been smarter than I realized at
the time (when I'm stupid it's usually readily apparent).

I noticed overnight on a personal server that even if the httpd and imaps
certs are the same one, it's reported once per service.  I like that.