None of those worked for me and then I read somewhere that the plugins need to be re-built against a later set of libraries. So I got a later version of openssl and did just that. I updated openssl and then rebuilt the plugins with
Code: Select all
wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
tar vfzx nagios-plugins-2.1.1.tar.gz
cd nagios-plugins-2.1.1
./configure --with-openssl=/usr/bin/openssl
make clean
make
make install
This seems to have made quite a difference. I can now use check_http successfully on most of my web servers except for 2 or 3 where I am still getting:
Code: Select all
CRITICAL - Cannot make SSL connection.
3086513804:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
The command I'm using from the CLI is:
Code: Select all
./check_http -f follow -H xxxxxxxxxxxxxx -ssl=1.1 -J clientcert.pem -K privatekey.pem -e HTTP/1. -s "Home page" -v
The verbose switch is largely irrelevant as you get the same output regardless of whether you use it or not.
The "SSL alert number 40" is thought to be synonynous with a bad client certificate. However, both the client cert and key are good because I've tested them in openssl. I've tried the full cert chain in the clientcert.pem file as well as variations of it in my ca-bundle.crt file. So does anyone have any idea on what check_http might be up to now please?