Page 6 of 7
Re: SSL Cert failto make connection
Posted: Mon Dec 02, 2013 11:08 am
by vhoover
slansing wrote:I was more referring to the web server's port / cert configuration and usage. NSClient should not be required as this is an active http check initiated from the Nagios server, it is not communicating with NSClient at all.
I appologize then, I not sure exactly what it is your looking for.
Re: SSL Cert failto make connection
Posted: Mon Dec 02, 2013 1:59 pm
by lmiltchev
I believe slansing was trying to explain that:
1. This doesn't seem to be a nagios (or check_http) problem, but rather it is an issue, specific to your SSL certificate.
2. This check has nothing to do with NSClient++.
Re: SSL Cert failto make connection
Posted: Wed Dec 11, 2013 4:11 pm
by vhoover
I cannot believe that there is a problem with the certificate as it is a wildcard cert used on around 20 servers, give or take. I have verified the cert is installed the same as it is on any other server with that same cert and OS version.
Re: SSL Cert failto make connection
Posted: Wed Dec 11, 2013 4:26 pm
by slansing
No what I was trying to make a point of, is that this is most likely an issue with the web server on your remote host.. Please run this command against one of your other windows web servers that is working fine:
Code: Select all
openssl s_client -connect addr:443
Re: SSL Cert failto make connection
Posted: Wed Dec 11, 2013 4:34 pm
by vhoover
slansing wrote:No what I was trying to make a point of, is that this is most likely an issue with the web server on your remote host.. Please run this command against one of your other windows web servers that is working fine:
Code: Select all
openssl s_client -connect addr:443
When I run it against another web server with the same certificate and same Operating System and Patches, it is successful, but when I run it against any of the 5 web servers I am having issue with I get the following:
openssl s_client -connect X.X.X.X:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I guess the web developers did something different with theses servers, is there any places I should start looking?
Re: SSL Cert failto make connection
Posted: Wed Dec 11, 2013 5:36 pm
by slansing
This was checked a few pages ago.. and is something you would need to talk to your network team about and is the entire problem here as we see it now. Unfortunately we really don't have good advice on where to look or who to talk to as it is an internal network / cert issue.
Re: SSL Cert failto make connection
Posted: Tue Jan 07, 2014 4:12 pm
by vhoover
OK Thanks.
Re: SSL Cert failto make connection
Posted: Tue Jan 07, 2014 4:13 pm
by abrist
Let us know how this issue proceeds.
Re: SSL Cert failto make connection
Posted: Thu Feb 06, 2014 5:19 pm
by vhoover
The company has decided that since the load balance device is watched for SSL cert expiration, the individual box does not need it.
Re: SSL Cert failto make connection
Posted: Thu Feb 06, 2014 5:56 pm
by abrist
Fair enough. Can we close this thread?