SSL Cert failto make connection

[vhoover]

I was more referring to the web server's port / cert configuration and usage. NSClient should not be required as this is an active http check initiated from the Nagios server, it is not communicating with NSClient at all.

I appologize then, I not sure exactly what it is your looking for.

[lmiltchev]

I believe slansing was trying to explain that:

1. This doesn't seem to be a nagios (or check_http) problem, but rather it is an issue, specific to your SSL certificate.
2. This check has nothing to do with NSClient++.

[vhoover]

I cannot believe that there is a problem with the certificate as it is a wildcard cert used on around 20 servers, give or take. I have verified the cert is installed the same as it is on any other server with that same cert and OS version.

[slansing]

No what I was trying to make a point of, is that this is most likely an issue with the web server on your remote host.. Please run this command against one of your other windows web servers that is working fine:

Code: Select all

openssl s_client -connect addr:443

[vhoover]

No what I was trying to make a point of, is that this is most likely an issue with the web server on your remote host.. Please run this command against one of your other windows web servers that is working fine:

Code: Select all

openssl s_client -connect addr:443

When I run it against another web server with the same certificate and same Operating System and Patches, it is successful, but when I run it against any of the 5 web servers I am having issue with I get the following:

openssl s_client -connect X.X.X.X:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I guess the web developers did something different with theses servers, is there any places I should start looking?

[slansing]

This was checked a few pages ago.. and is something you would need to talk to your network team about and is the entire problem here as we see it now. Unfortunately we really don't have good advice on where to look or who to talk to as it is an internal network / cert issue.

[vhoover]

OK Thanks.

[abrist]

Let us know how this issue proceeds.

[vhoover]

The company has decided that since the load balance device is watched for SSL cert expiration, the individual box does not need it.

[abrist]

Fair enough. Can we close this thread?