[Xymon] SSL Certs on servers with multiple virtualhosts

John D. Alexander JAlexander at feeneywireless.com
Tue Aug 6 22:26:51 CEST 2013


Given that s_client is rudimentary and actually pretty old, it might be a thing to do the tests using curl instead of openssl.  Curl reports the proper certificates.

Wonder how much work it would be to use curl instead of openssl.  Does anyone know what drives the http tests?  I'm not a programming guy, but know folks who are.

John Alexander

-----Original Message-----
From: Mark Felder [mailto:feld at feld.me] 
Sent: Tuesday, August 06, 2013 12:55 PM
To: Ralph Mitchell; John D. Alexander; Galen Johnson
Cc: xymon at xymon.com
Subject: Re: [Xymon] SSL Certs on servers with multiple virtualhosts

On Tue, 06 Aug 2013 14:45:07 -0500, Galen Johnson <Galen.Johnson at sas.com>
wrote:

> Would something like this not work:
>
> group HTTP
> 0.0.0.0 host1.example.com # https://host1.example.com
> 0.0.0.0 host2.example.com # https://host2.example.com ...
>

No, if the client doesn't support SNI it will always receive the first SSL certificate. In that example host2.example.com's data is useless.


More information about the Xymon mailing list