[Xymon] SSL Certs on servers with multiple virtualhosts

John D. Alexander JAlexander at feeneywireless.com
Wed Aug 7 19:56:39 CEST 2013


Henrik,

The website is private.  I've already rolled back the code but I can reapply the patch and take screen shots if need be.

Judging from the fact that Xymon was saying that the certificates expired about 42 years ago, a couple of the programmers here indicate that it's not picking up data from the certificate properly and interpreting that as the epoch and counting forward from there for expiration date.

Here is the output from the command you requested...  

CONNECTED(00000003)
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure Certification Authority, serialNumber = 07969287
verify return:1
depth=0 OU = Domain Control Validated, CN = fwbox.feeneywireless.com
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=fwbox.feeneywireless.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIHB8iKC1CjJjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm
aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5
IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky
ODcwHhcNMTMwNDAzMjIyMzI4WhcNMTYwNDAzMjIyMzI4WjBGMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxITAfBgNVBAMTGGZ3Ym94LmZlZW5leXdp
cmVsZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMelCCph
m8VoRZWtaa3H4OWE5G5NaVbsET1rB6OoX90mxUN1eIqi4S4aQtTYeEVFVk+gEq5W
p50q3b/G2nUaZAztN4BjfW34FHA3hl8ODRrZNCzwIBpXuxsteVXWiqvWs8WawQVw
mmlY62O4vyoUp0cwxm7Tc5j8ep6h0ORrmEmAoqrYqlgHJ09cpJ5kPHER6pp4V2DT
ZmYC1u+cMAsmKr8VZ47qc2GUvzJxHuL7znkkpEaJVI+pqp5rhC0fCB0dZHq6rRTS
YfxnOXuehS3EYqpQtgDAL0M7XxQlsvF0za//fS+Inlo45IA4vvAkblMatrLlCgVz
HkPNcpU2JBQP0q8CAwEAAaOCAdQwggHQMA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8E
LDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtODguY3JsMFMG
A1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2Nl
cnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEE
dDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYB
BQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9y
eS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q6
53aZaMznMEEGA1UdEQQ6MDiCGGZ3Ym94LmZlZW5leXdpcmVsZXNzLmNvbYIcd3d3
LmZ3Ym94LmZlZW5leXdpcmVsZXNzLmNvbTAdBgNVHQ4EFgQUvv+bnMlX2yH6jZ5b
5JtnZFh+5H0wDQYJKoZIhvcNAQEFBQADggEBAJbY4wbgbUmkgBsbvAQJNPcNBW+R
Rbyj3zQEyJovR0OA6nGfXwRsoR/ZgtlO64efL/+nuGQYv4XUrOK1z7dylfTvIgVY
LDqSOF2kr+LK3WI1EuOSYlsmVooy5fcb4RG715S1fJqvaOEilmMX6LR6ys6F1wxb
Cz2i6e/6qLkfKODDweh1Gp0rnFUFWhVOJedp/j5Erpy6cvzG+eviB+EfEdBGIvI6
850iEBUteVGu8BQ2A6pCjwAi6eK/Mb/3y+JaTXbi/9KvRRNH65Vczy/Q+Ud+9cci
9Ns6rNeVByqt7sptYR7QSsfh/YsSea4fWPDd2QtobJ4dFsZK6PRzwzedROo=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=fwbox.feeneywireless.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287

-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Henrik Størner
Sent: Tuesday, August 06, 2013 9:49 PM
To: xymon at xymon.com
Subject: Re: [Xymon] SSL Certs on servers with multiple virtualhosts

--------------------------------------------------------

Here is the output of the sslcert page in Xymon for that virtual server.  It is the second virtual server configured - the first being vzw.

SSL certificate for https://fwbox.feeneywireless.com/ expires in 1357 days

Server certificate:
	subject:/OU=Domain Control Validated/CN=vzw.feeneywireless.com
	start date: 2013-04-25 23:08:28 GMT
	expire date:2017-04-25 22:44:17 GMT
	key size:2048
	issuer:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287

John Alexander


Hi John,

> On 06-08-2013 23:38, John D. Alexander wrote:
>
> There seems to be a math error in there.  It has my certificates 
> having expired 15500 days ago.


is this a public website so I can try it myself ?


If not, could you please run

  openssl s_client -servername "www.yoursite.com" \
	-connect your.server.ip:443

(substite the site-name and IP as appropriate) ? I'm interested in the certificate itself - the part of the output that looks like

Server certificate
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIDCDa4MA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
al4b4feKk2DNYYrZ3N3v/8XruC27BRfo4HMi7P/xwUHu2LtcHvOIyQkHPg3GAENP
... more lines like these ...
psilcHKH+ghFIeP5KSaDJYlKN2WZ
-----END CERTIFICATE-----


Thanks,
Henrik


_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon



More information about the Xymon mailing list