Re: SSL certificate monitoring

Posted: Thu Jul 16, 2020 8:31 am
by RIDS_I2MP
Hello,

Still getting same error:

[root@HO1-NAGIOSXI libexec]# /usr/local/nagios/libexec/check_http -H 10.1.210.248 -C 10 --ssl=1+
CRITICAL - Cannot make SSL connection.
139772835166016:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]# /usr/local/nagios/libexec/check_http -H 10.1.210.248 -C 10 --ssl=2+
CRITICAL - Cannot make SSL connection.
140187336841024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]# /usr/local/nagios/libexec/check_http -H 10.1.210.248 -C 10 --ssl=3+
CRITICAL - Cannot make SSL connection.
139751346493248:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]# /usr/local/nagios/libexec/check_http -H 10.1.210.248 -C 10 --ssl=1.1+
CRITICAL - Cannot make SSL connection.
140021198370624:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]#
[root@HO1-NAGIOSXI libexec]# /usr/local/nagios/libexec/check_http -H 10.1.210.248 -C 10 --ssl=1.2+
CRITICAL - Cannot make SSL connection.
140308417046336:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
[root@HO1-NAGIOSXI libexec]#

Re: SSL certificate monitoring

Posted: Thu Jul 16, 2020 8:37 am
by scottwilkerson
This has to be a problem with the SSL negotiation on the switch/router.

But to verify, does this work?

/usr/local/nagios/libexec/check_http -H www.nagios.com -C 10

Re: SSL certificate monitoring

Posted: Thu Jul 16, 2020 8:46 am
by RIDS_I2MP
Hello,

Yes it works.

[root@HO1-NAGIOSXI libexec]# /usr/local/nagios/libexec/check_http -H www.nagios.com -C 10
SSL OK - Certificate '*.nagios.com' will expire in 710 days on 2022-06-27 03:59 +0400/+04.
[root@HO1-NAGIOSXI libexec]#

Re: SSL certificate monitoring

Posted: Thu Jul 16, 2020 3:14 pm
by scottwilkerson
So the plugin works correctly.

Clearly neither curl nor check_http can negotiate the SSL connection. Are you 100% sure the router is set up correctly?

Re: SSL certificate monitoring

Posted: Sun Jul 19, 2020 8:49 am
by RIDS_I2MP
Hello,

We want to monitor the below certificate:

show crypto pki certificate
Certificate
Status: Available
Certificate Serial Number (hex): 7B53FCBF00000000054F
Certificate Usage: General Purpose
Issuer:
cn=cginfra-CA
dc=cginfra
dc=net
Subject:
Name: AE-D3-VPN-GW.cginfra.net
Serial Number: FDO2201A075
cn=AE-D3-VPN-GW.cginfra.net
ou=Group I.T.
o=M.C.T. Fze
l=Dubai
st=Dubai
c=AE
hostname=AE-D3-VPN-GW.cginfra.net
serialNumber=FDO2201A075
CRL Distribution Point:
file://ja-cginfra-dc1.cginfra.net/CertEnroll/cginfra-CA.crl
Validity Date:
start date: 04:38:43 GST Jan 24 2020
end date: 04:38:43 GST Jan 23 2022
renew date: 23:50:42 GST Dec 24 2021
Associated Trustpoints: cginfra-CA
Storage: nvram:cginfra-CA#54F.cer

There is no issue with the router; we are already monitoring it in PRTG and it's working fine there.

Please suggest!!

Re: SSL certificate monitoring

Posted: Mon Jul 20, 2020 9:04 am
by scottwilkerson
Oh, this is just a certificate on the router, not the certificate it uses for its web interface.

I do not know of any way to monitor these types of certificates.

You would need to find some way for the data to be reached by the Nagios server and then write a custom monitoring plugin to get that information, as I have never seen a pre-created plugin that can do this.
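
One way to write the custom plugin the last reply calls for, as an added example that is not from the thread or from Nagios: it reads saved `show crypto pki certificate` text, takes the `end date` line, and returns the standard Nagios exit codes. How the router output reaches the Nagios server is left open; the function names, the thresholds, and the choice to ignore the router's time zone abbreviation are assumptions.

```python
import re
import sys
from datetime import datetime

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Excerpt of the router output quoted in the thread above.
SAMPLE = """Validity Date:
start date: 04:38:43 GST Jan 24 2020
end date: 04:38:43 GST Jan 23 2022
renew date: 23:50:42 GST Dec 24 2021
"""

# The zone abbreviation (GST here) is router-configured, so it is matched but
# not converted; the result can be off by less than a day.
END_DATE = re.compile(
    r"end\s+date:\s*(\d{2}:\d{2}:\d{2})\s+\S+\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})")

def parse_end_dates(text):
    """Return every parsable 'end date' in the text as naive datetimes."""
    found = []
    for clock, date in END_DATE.findall(text):
        try:
            found.append(datetime.strptime(f"{clock} {date}", "%H:%M:%S %b %d %Y"))
        except ValueError:
            continue  # e.g. a month name strptime does not know
    return found

def check_expiry(text, now, warn_days=30, crit_days=10):
    """Return (exit_code, status_line); thresholds are hypothetical defaults."""
    ends = parse_end_dates(text)
    if not ends:
        return UNKNOWN, "UNKNOWN - no parsable 'end date' line in input"
    end = min(ends)  # several certificates in one dump: soonest expiry wins
    days = (end - now).days  # negative once the end date has passed
    if days < 0:
        return CRITICAL, f"CRITICAL - certificate expired on {end:%Y-%m-%d %H:%M}"
    state, word = OK, "OK"
    if days < crit_days:
        state, word = CRITICAL, "CRITICAL"
    elif days < warn_days:
        state, word = WARNING, "WARNING"
    return state, f"{word} - certificate expires in {days} days on {end:%Y-%m-%d %H:%M}"

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    code, line = check_expiry(text, datetime.now())
    print(line)
    sys.exit(code)
```

Returning UNKNOWN when no `end date` line is found keeps a failed collection step from being reported as a healthy certificate.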