HTTPS check

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
c.slagel
Posts: 57
Joined: Mon Dec 17, 2012 6:47 pm

HTTPS check

Post by c.slagel »

So since the upgrade to 2014 I've had an issue with 2 http checks.

Basically I have 2 services I'm doing a check_http on

$USER1$/check_http -t 60 -H $HOSTADDRESS$ $ARG1$
$ARG1$ -s "UA-1457754-9" -f ok -I 10.1.2.210 -u "/" -p 80
and
-s "UA-1457754-9" -f ok -I 10.1.2.224 -u "/" -p 80

this check results in this:

Code: Select all

HTTP CRITICAL: HTTP/1.1 301 Moved Permanently - string 'UA-1457754-9' not found on 'http://10.1.2.100:80/' - 303 bytes in 0.006 second response time
The issue is we just switched these over to https only, but for some reason before the update it was still working.

Now, I can add the -S option, but it still does not work because I'm checking local IP addresses for the services and not the external domain name.

this results in:

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_http -t 60 -H 10.1.2.224 -s "UA-1457754-9" -f ok -I 10.1.2.224 -S -u "/" -p 80
OUTPUT: CRITICAL - Cannot make SSL connection.
Is there any way I can get this to work using local IP addresses and not the FQDN on the SSL cert?

Thanks.
Top
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: HTTPS check

Post by sreinhardt »

Probably the easiest route, is to have proper internal dns so that you can use the fqdn within nagios and have the cert verify. A slightly more hackish solution would be to add the entries you need into /etc/hosts with the full fqdn.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Top
c.slagel
Posts: 57
Joined: Mon Dec 17, 2012 6:47 pm

Re: HTTPS check

Post by c.slagel »

the thing is the server itself doesn't serve up the cert, our netscaler does... The servers have certs but they're old/expired. I'm at this point:

Code: Select all

COMMAND: /usr/local/nagios/libexec/check_http -t 60 -H 10.1.2.210 -s "UA-1457754-9" -f ok -I 10.1.2.210 -S -C 0 -u "/" 
OUTPUT: CRITICAL - Certificate 'www.leatherup.com' expired on Mon Jun 29 02:14:00 2009.
Is there a way to just tell it to not care if the cert is expired?
Top
c.slagel
Posts: 57
Joined: Mon Dec 17, 2012 6:47 pm

Re: HTTPS check

Post by c.slagel »

As you can see I tried the -C 0 and that didn't seem to workout.
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: HTTPS check

Post by scottwilkerson »

You should remove the -C -S all together, change the -f to follow, run

Code: Select all

/usr/local/nagios/libexec/check_http -t 60 -H 10.1.2.210 -s "UA-1457754-9" -f follow -I 10.1.2.210 -u "/"
per the help
-C, --certificate=INTEGER[,INTEGER]
Minimum number of days a certificate has to be valid. Port defaults to 443
(when this option is used the URL is not checked.)
Former Nagios employee
Creator:
Human Design Website
Get Your Human Design Chart
Top
c.slagel
Posts: 57
Joined: Mon Dec 17, 2012 6:47 pm

Re: HTTPS check

Post by c.slagel »

That worked. Thanks!
Top
Locked

Return to “Nagios XI”