SSL Cert failto make connection

vhoover · Post by **vhoover** » Fri Nov 15, 2013 2:34 pm

check_http v1.4.15-46-gefa2 (nagios-plugins 1.4.15)

abrist · Post by **abrist** » Fri Nov 15, 2013 3:38 pm

Are you sure the website is running https directly on the server (not a vhost)? If it is a vhost, could you try checking the fqdn of the website instead?

Code: Select all

 ./check_http -H <domain.tld> -v -C 14

vhoover · Post by **vhoover** » Fri Nov 15, 2013 3:46 pm

If your asking if it is a virtual machine the answer is yes, it is running on an ESX 5.1 and other VM's with the same config are working fine. The VM does have https enabled with a http redirect

scottwilkerson · Post by **scottwilkerson** » Fri Nov 15, 2013 3:58 pm

I am really confused how the ./check_http command you are showing has anything to do with NSClient++.

Am I missing something?

vhoover · Post by **vhoover** » Fri Nov 15, 2013 4:02 pm

Re: SSL Cert failto make connection

Postby slansing » Wed Nov 13, 2013 9:37 am
Do you have "use_ssl=1" enabled in the configuration file? Is the NRPEListener.dll uncommented at the top of the file?

User avatar
slansing

Posts: 4109
Joined: Mon Apr 23, 2012 3:28 pm

Top

Re: SSL Cert failto make connection

Postby vhoover » Thu Nov 14, 2013 2:32 pm
The use_ssl and NRPEListener.dll were not enabled, however after enabling them, restarting the NSClient++ service, and even a reinstall of the NSClient++ service and verification of all required module and commands (including use_ssl and NRPEListener.dll), there is no change in the issue. The log is not showing any entry regarding this, even with debug enabled, but the commands response when ran from the cli and the GUI is as follows:

./check_http -H webp00 -C 14
CRITICAL - Cannot make SSL connection
CRITICAL - Cannot retrieve server certificate.

abrist · Post by **abrist** » Mon Nov 18, 2013 10:55 am

check_http is not run through nsclient. What relevance did the previous post have?

vhoover · Post by **vhoover** » Mon Nov 18, 2013 11:05 am

slansing had asked if the use_ssl was set to 1 and if the NRPEListener.dll was enabled in the NSC.ini file on the host. So I assumed they were related in some strange way.

abrist · Post by **abrist** » Mon Nov 18, 2013 11:43 am

Well, I do not believe they are related. check_http is usually run from the XI server, not through an agent. What is the url/fqdn for the website? Can you try checking that instead of the hostname?

Code: Select all

./check_http -H <url or ip> -v -C 14

vhoover · Post by **vhoover** » Mon Nov 18, 2013 12:01 pm

This was the response when the above command was ran:

[root@nagios-test libexec]# ./check_http -H XX.XX.X.XX -v -C 14
CRITICAL - Cannot make SSL connection
CRITICAL - Cannot retrieve server certificate.

IP has been sanitized for privacy reasons, and when the FQDN is used instead of IP the result is the same, I cannot check via URL as the Web server is application layer load-balanced with two or three other servers.

slansing · Post by **slansing** » Mon Nov 18, 2013 12:11 pm

Have you tried adding "--ssl" into the check command? This is defined in the plugins usage:

https://www.nagios-plugins.org/doc/man/check_http.html