Errors checking new SSL 2.0 webpage

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
SavaSC
Posts: 238
Joined: Wed Feb 23, 2011 4:49 pm

Errors checking new SSL 2.0 webpage

Post by SavaSC »

Hello,

We have just spun up 3 new web server that are using SSL 2.0 for security. All of the other servers we have are using SSL 1.1.

When I create a service to check is the log-in page responds I get an error message. What message I get depends on what version of SSL I tell Nagios to use. I am using the Check_XI_Service_http Check Command and here are the results I get.

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" -S
OUTPUT: CRITICAL - Cannot make SSL connection.

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" -S 2
OUTPUT: connect to address 2 and port 443: Invalid argument
HTTP CRITICAL - Unable to open TCP socket
This particular web page doesn't exist on our current SSL 1.1 boxes, so I can't verify that this check works with that version. However, we have other pages (SSL1.1) that are being checked using the Check_XI_Service_http command that are responding fine.

Any ideas about what I'm doing wrong?

Thanks!
User avatar
BanditBBS
Posts: 2474
Joined: Tue May 31, 2011 12:57 pm
Location: Scio, OH
Contact:

Re: Errors checking new SSL 2.0 webpage

Post by BanditBBS »

Change your command to:

Code: Select all

/usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" --ssl=2
2 of XI5.6.14 Prod/DR/DEV - Nagios LogServer 2 Nodes
See my projects on the Exchange at BanditBBS - Also check out my Nagios stuff on my personal page at Bandit's Home and at github
SavaSC
Posts: 238
Joined: Wed Feb 23, 2011 4:49 pm

Re: Errors checking new SSL 2.0 webpage

Post by SavaSC »

Thank you for your quick response. Here is the output now:

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" --ssl=2
OUTPUT: CRITICAL - Cannot make SSL connection.
SavaSC
Posts: 238
Joined: Wed Feb 23, 2011 4:49 pm

Re: Errors checking new SSL 2.0 webpage

Post by SavaSC »

When I take out all SSL options it tells me I need 1.1 SSL. How do I make Nagios look for 2.0?

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "/savaconnect/identity"
OUTPUT: HTTP WARNING: HTTP/1.1 403 SSL is required - 173 bytes in 0.520 second response time |time=0.519968s;;;0.000000 size=173B;;;0
User avatar
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: Errors checking new SSL 2.0 webpage

Post by tgriep »

The --ssl=2 should force it to SSLv2. Can you run the check from a shell with verbose on so we can get a detailed error message?

Code: Select all

/usr/local/nagios/libexec/check_http -H hpcaweb03 -u "/savaconnect/identity" -v
/usr/local/nagios/libexec/check_http -H hpcaweb03 -u "/savaconnect/identity" --ssl=2 -v
Be sure to check out our Knowledgebase for helpful articles and solutions!
SavaSC
Posts: 238
Joined: Wed Feb 23, 2011 4:49 pm

Re: Errors checking new SSL 2.0 webpage

Post by SavaSC »

Thank you for your response. We seem to have had some issues with some other things around some other software with SSL 2.0 so we have temporarily rolled back to SSL 1.1. We are going to spin up a test box and see if we can pinpoint the issue in our sandbox environment.

While we're waiting on that to move forward, I don't know if you want to keep this thread open or me just open another if I continue to have problems.

Either way, thank you for your assistance.
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Errors checking new SSL 2.0 webpage

Post by tmcdonald »

For the sake of organization let's keep this one open for now, however for the sake of our workflow please don't reply until you have news.
Former Nagios employee
Locked