[Xymon] False SSL cert alerts

Phil Crooker Phil.Crooker at orix.com.au
Wed Jun 28 01:56:16 CEST 2017

Browsers are a pretty opaque tool for testing certificates because of caching and locally stored certificates. Try openssl:

     openssl s_client -connect hostname:443 -showcerts

You should see the whole chain of certificates going back to a root cert. Are you missing an intermediate certificate? You may need to add it to the ssl config in the webserver - in apache you can just concatenate your host cert and the intermediate.

s_client shows the status of the connection at the bottom:

    Verify return code: 0 (ok)

Not 0 is an error of course.

As s_client opens a connection, you need to CTRL-C to break out (or issue an http command if you wish)

Hope that helps.


But now it simply refuses to get a valid https connection from the Xymon server eventhough you can web-browse to it with no issues and the browser says there is a valid https/cert/connection?  Is there any place in Xymon I can see why it is failing?

On Tue, Jun 27, 2017 at 3:39 PM, John Thurston <john.thurston at alaska.gov<mailto:john.thurston at alaska.gov>> wrote:
On 6/27/2017 11:17 AM, Zoltan Forray wrote:
We are constantly having issues with sslcert alerts going non-green
eventhough it says the cert is fine.  Related to this is there being an
issue getting to the https page from the Xymon server yet I can access
it just fine from my browser.

Any failure to establish an SSL connection will result in an error under sslcert. Could it be a failure to negotiate a secure connection due to an unreliable network connection?

I suggest looking in the error log on your web server. You may find severed or incomplete connection attempts.

   Do things because you should, not just because you can.

John Thurston    907-465-8591<tel:907-465-8591>
John.Thurston at alaska.gov<mailto:John.Thurston at alaska.gov>
Department of Administration
State of Alaska
Xymon mailing list
Xymon at xymon.com<mailto:Xymon at xymon.com>

Zoltan Forray
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
Xymon Monitor Administrator
VMware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray at vcu.edu<mailto:zforray at vcu.edu> - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20170627/d595840d/attachment.html>

More information about the Xymon mailing list