[Xymon] SSL Certs on servers with multiple virtualhosts

Thu Mar 26 19:53:13 CET 2015

I know this is an old thread but I am still interested 
in this functionality. Does the latest Xymon support 
this? 

cheers, 

Troy 

----- Original Message ----- 
From: "John D. Alexander" <JAlexander at feeneywireless.com> 
To: xymon at xymon.com 
Sent: Friday, August 9, 2013 3:03:55 PM GMT -07:00 US/Canada Mountain 
Subject: Re: [Xymon] SSL Certs on servers with multiple virtualhosts 

Henrik, 

Have you been able to make any progress on the multiple ssl VirtualHost issue? 

If need be, I can let apply the patch on a system that is reachable from outside and give you access (https) if I can get your IP address. 

Thanks much 

John Alexander 

-----Original Message----- 
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Henrik Størner 
Sent: Wednesday, August 07, 2013 2:23 PM 
To: xymon at xymon.com 
Subject: Re: [Xymon] SSL Certs on servers with multiple virtualhosts 

On 07-08-2013 19:56, John D. Alexander wrote: 

> The website is private. I've already rolled back the code but I can 
> reapply the patch and take screen shots if need be. 
> 
> Judging from the fact that Xymon was saying that the certificates 
> expired about 42 years ago, a couple of the programmers here indicate 
> that it's not picking up data from the certificate properly and 
> interpreting that as the epoch and counting forward from there for 
> expiration date. 

Xymon uses the OpenSSL library routines to handle the SSL details, so I would be rather surprised if some kind of bogus certificate data got through all the way to the Xymon code - the openssl library is supposed to discard such invalid data and report an error. 

More likely it is some kind of integer overflow. 15500 days before now is suspiciously close to Jan 1st 1970 (start of Unix epoch). 

But it surprises me a bit, since I setup a test site here with two vhosts and different certificates, and the new code worked fine here - got the right certificate for each of the two hosts. 

What version of OpenSSL are you running on the server where Xymon is compiled ? You can check by running "xymonnet --version". 

I'll probably send you (directly, not via the list) a test-version of Xymon that logs some more debugging data for this - sometime later this week. 

Regards, 
Henrik 

_______________________________________________ 
Xymon mailing list 
Xymon at xymon.com 
http://lists.xymon.com/mailman/listinfo/xymon 
_______________________________________________ 
Xymon mailing list 
Xymon at xymon.com 
http://lists.xymon.com/mailman/listinfo/xymon 

-- 

    This communication is intended for the use of the recipient to whom it

    is addressed, and may contain confidential, personal, and or privileged

    information. Please contact us immediately if you are not the intended

    recipient of this communication, and do not copy, distribute, or take

    action relying on it. Any communications received in error, or

    subsequent reply, should be deleted or destroyed.

---

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150326/7f0fb625/attachment.html>