check_http > CRITICAL - Cannot make SSL connection.

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

check_http > CRITICAL - Cannot make SSL connection.

Postby Petr M. » Tue Apr 17, 2018 4:25 am

Hello,
today I upgraded Nagios check_http plugin from version v2.1.4 to v2.2.1 and now I´am not able to check one of my https sites.
The result from v2.1.4 is:
./check_http -H websiteurl -S -e 401
HTTP OK: Status line output matched "401" - 1891 bytes in 0.270 second response time |time=0.270459s;;;0.000000 size=1891B;;;0

and with version v2.2.1:
./check_http -H websiteurl -S -e 401
CRITICAL - Cannot make SSL connection.

the command with --vv:
./check_http -H websiteurl -S -e 401 -vv
CRITICAL - Cannot make SSL connection.
SSL initialized

Nagios Core running on latest Debian with openssl 1.1.0f-3+deb9u2.

Thanks for you help, Regards,
Petr
Petr M.
 
Posts: 28
Joined: Sat Oct 10, 2015 1:24 pm

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby scottwilkerson » Tue Apr 17, 2018 8:15 am

when you put websiteurl can you be more specific

is it host.domain.com or
https://host.domain.com or
https://host.domain.com/path/to/page or
https://host.domain.com:customport/path/to/page
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
CTO
 
Posts: 9623
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby Petr M. » Tue Apr 17, 2018 8:26 am

Hello,
this is internal web site with certificate issued by local CA. The certificate is SHA1.

I use this command with my own domain:
./check_http -H eusupport.xxxx.com -S -u /CAisd/pdmweb.exe -e 401

I have more internal sites which used SSL certificate from trusted external CA and there is no problem.
Petr M.
 
Posts: 28
Joined: Sat Oct 10, 2015 1:24 pm

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby scottwilkerson » Tue Apr 17, 2018 8:55 am

you may need to add --sni
Code: Select all
--sni
    Enable SSL/TLS hostname extension support (SNI)


Otherwise I'm not sure what it could be, I just tested with our live server and get expected output
Code: Select all
./check_http -H assets.nagios.com -S -u /downloads/nagios-log-server/2/virtualpc/ -e 403
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
CTO
 
Posts: 9623
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby Petr M. » Tue Apr 17, 2018 9:07 am

with --sni I received the same result.

./check_http -H eusupport.xxxxx.com -S -u /CAisd/pdmweb.exe -e 401 --sni
CRITICAL - Cannot make SSL connection.

There must be some change between version 2.1.4 and 2.2.1. With 2.1.4 there is no issue. I don´t know what differences are there.
As I wrote, the problem is only with one of my internal servers. Other server are OK.
Petr M.
 
Posts: 28
Joined: Sat Oct 10, 2015 1:24 pm

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby scottwilkerson » Tue Apr 17, 2018 9:31 am

Do the internal server force a specific SSL type, you can specify that
Code: Select all
-S, --ssl=VERSION[+]
    Connect via SSL. Port defaults to 443. VERSION is optional, and prevents
    auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,
    1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.


or specific keys
Code: Select all
-J, --client-cert=FILE
   Name of file that contains the client certificate (PEM format)
   to be used in establishing the SSL session
-K, --private-key=FILE
   Name of file containing the private key (PEM format)
   matching the client certificate
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
CTO
 
Posts: 9623
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby Petr M. » Tue Apr 17, 2018 9:41 am

I tried the command with S1, S1.1 and 1.2
./check_http -H eusupport.xxxxxx.com -S1 -u /CAisd/pdmweb.exe -e 401

with the same result:
CRITICAL - Cannot make SSL connection.

with S2 and S3 I receive:
UNKNOWN - SSL protocol version 3 is not supported by your SSL library.
Petr M.
 
Posts: 28
Joined: Sat Oct 10, 2015 1:24 pm

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby scottwilkerson » Tue Apr 17, 2018 10:00 am

I did see another thread with similar issue and it was the ssl package on the nagios server

viewtopic.php?f=6&t=43852
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
CTO
 
Posts: 9623
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby Petr M. » Tue Apr 17, 2018 10:09 am

I already found this topic but it dies not help me. I already have installed latest version of openssl and libssl-dev and check_http was compiled with these versions but the problem is still there.
Petr M.
 
Posts: 28
Joined: Sat Oct 10, 2015 1:24 pm

Re: check_http > CRITICAL - Cannot make SSL connection.

Postby scottwilkerson » Wed Apr 18, 2018 9:59 am

I'm sorry, currently I am really out of ideas what could be causing the issue and am unable to replicate it.

I will leave the thread open in case another community member has seen the same behavior.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
CTO
 
Posts: 9623
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Next

Return to Nagios Plugin Development

Who is online

Users browsing this forum: No registered users and 2 guests