check_http with self-signed SSL

[bchabotdg]

Plugins updated. Still not working:

Code: Select all

# /usr/local/nagios/libexec/check_http -H server.msp.digitalguardian.com -S -p 443 -u /DigitalGuardian2/Misc/Login.aspx -v
CRITICAL - Cannot make SSL connection.
#

To verify:

Code: Select all

# /usr/local/nagios/libexec/check_http -V
check_http v2.2.1 (nagios-plugins 2.2.1)
#

[tgriep]

Do you have any details on how that SSL cert was created on that server?

You may have to specify the SSL version using this option for your server.

Code: Select all

--ssl=VERSION[+]
    Connect via SSL. Port defaults to 443. VERSION is optional, and prevents
    auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,
    1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.

Try that as well in your command.

[bchabotdg]

No change with --ssl= . I do not know the details of how the cert was created.

[cdienger]

The --sni option is needed in cases where the destination hosts multiple domains or may require it. Run the check with this option and if it still fails, please PM a packet capture that contains an attempt to run it:

yum -y install tcpdump
tcpdump -s 0 -i any port 443 -w output.pcap

Let it run just long enough to reproduce the error and then use CTRL+C to stop it. PM me the output.pcap and I can take a closer look or you can use Wireshark to review it yourself.

[bchabotdg]

Thank you! This worked perfectly.

[cdienger]

Glad to hear