Code: Select all
check_http -f follow -H -S "xxxxxxxxxxxxx" -J /usr/local/nagios/libexec/cert/cert.pem -K /usr/local/nagios/libexec/cert/privatekey.pem -s "Home Page"
CRITICAL - Cannot make SSL connection.
6315:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
The certificate that I used to extract the client cert and private key from works just fine in my browser. So I know that's good. This error is symptomatic of something missing in the certificate chain. However, I've added the CA cert to the Nagios server, and I've tried adding it to the cert.pem file. However, I don't think check_http looks at the servers certs, and I'm pretty sure only one cert can be in a pem file. I kind of proved this by changing the order of the client cert and CA cert in the cert.pem file. By putting the CA cert first I get a 'Private key does not match certificate' error. So I guess check_http stops reading the pem file when it gets to the first '-----END CERTIFICATE-----'!!
Does anyone have any suggestions for resolving this please?