Errors checking new SSL 2.0 webpage

Posted: Thu Aug 27, 2015 12:25 pm
by SavaSC
Hello,

We have just spun up 3 new web servers that are using SSL 2.0 for security. All of the other servers we have are using SSL 1.1.

When I create a service to check if the log-in page responds, I get an error message. What message I get depends on what version of SSL I tell Nagios to use. I am using the Check_XI_Service_http Check Command and here are the results I get.

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" -S
OUTPUT: CRITICAL - Cannot make SSL connection.

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" -S 2
OUTPUT: connect to address 2 and port 443: Invalid argument
HTTP CRITICAL - Unable to open TCP socket

This particular web page doesn't exist on our current SSL 1.1 boxes, so I can't verify that this check works with that version. However, we have other pages (SSL1.1) that are being checked using the Check_XI_Service_http command that are responding fine.

Any ideas about what I'm doing wrong?

Thanks!

Re: Errors checking new SSL 2.0 webpage

Posted: Thu Aug 27, 2015 12:33 pm
by BanditBBS
Change your command to:

/usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" --ssl=2
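
Why `-S 2` and `--ssl=2` parse differently, as an added example that is not part of the original thread and not the plugin's own code. It assumes the plugin declares `-S`/`--ssl` as a getopt optional-argument option, which matches the "connect to address 2" output above; the struct, the function name and the host `web.example` are constructed for illustration.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Result of parsing one command line (hypothetical struct for this example). */
struct parsed {
    int ssl_seen;            /* 1 if -S/--ssl was present */
    const char *ssl_version; /* attached value, or NULL if none was attached */
    const char *stray;       /* first leftover positional argument, or NULL */
};

/* Parse argv with -S/--ssl declared as an OPTIONAL-argument option ("S::"). */
static struct parsed parse_ssl_opt(int argc, char **argv)
{
    static const struct option longopts[] = {
        {"ssl", optional_argument, NULL, 'S'},
        {"hostname", required_argument, NULL, 'H'},
        {NULL, 0, NULL, 0}
    };
    struct parsed p = {0, NULL, NULL};
    int c;
    optind = 0; /* glibc/musl: reset getopt state so this can be called repeatedly */
    while ((c = getopt_long(argc, argv, "H:S::", longopts, NULL)) != -1) {
        if (c == 'S') {
            p.ssl_seen = 1;
            p.ssl_version = optarg; /* NULL unless written as -S2 or --ssl=2 */
        }
    }
    if (optind < argc)
        p.stray = argv[optind]; /* e.g. the "2" left over from "-S 2" */
    return p;
}

int main(void)
{
    /* Constructed command lines; web.example is a placeholder host. */
    char *spaced[]   = {"check", "-H", "web.example", "-S", "2", NULL};
    char *attached[] = {"check", "-H", "web.example", "-S2", NULL};
    char *longform[] = {"check", "-H", "web.example", "--ssl=2", NULL};
    char **cases[] = {spaced, attached, longform};
    int argcs[] = {5, 4, 4};
    for (int i = 0; i < 3; i++) {
        struct parsed p = parse_ssl_opt(argcs[i], cases[i]);
        printf("%-8s version=%s stray=%s\n", cases[i][3],
               p.ssl_version ? p.ssl_version : "(none)",
               p.stray ? p.stray : "(none)");
    }
    return 0;
}
```

With an optional-argument option, a value separated by a space is never consumed by the option; it is left as a positional argument, which a program may then interpret as something else, such as an address.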

Re: Errors checking new SSL 2.0 webpage

Posted: Thu Aug 27, 2015 12:41 pm
by SavaSC
Thank you for your quick response. Here is the output now:

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "<URL>" --ssl=2
OUTPUT: CRITICAL - Cannot make SSL connection.

Re: Errors checking new SSL 2.0 webpage

Posted: Thu Aug 27, 2015 3:02 pm
by SavaSC
When I take out all SSL options it tells me I need 1.1 SSL. How do I make Nagios look for 2.0?

COMMAND: /usr/local/nagios/libexec/check_http -H hpcaweb03 -u "/savaconnect/identity"
OUTPUT: HTTP WARNING: HTTP/1.1 403 SSL is required - 173 bytes in 0.520 second response time |time=0.519968s;;;0.000000 size=173B;;;0

Re: Errors checking new SSL 2.0 webpage

Posted: Thu Aug 27, 2015 4:56 pm
by tgriep
The --ssl=2 should force it to SSLv2. Can you run the check from a shell with verbose on so we can get a detailed error message?

/usr/local/nagios/libexec/check_http -H hpcaweb03 -u "/savaconnect/identity" -v
/usr/local/nagios/libexec/check_http -H hpcaweb03 -u "/savaconnect/identity" --ssl=2 -v

Re: Errors checking new SSL 2.0 webpage

Posted: Mon Aug 31, 2015 7:25 am
by SavaSC
Thank you for your response. We seem to have had some issues with some other things around some other software with SSL 2.0 so we have temporarily rolled back to SSL 1.1. We are going to spin up a test box and see if we can pinpoint the issue in our sandbox environment.

While we're waiting on that to move forward, I don't know if you want to keep this thread open or have me just open another if I continue to have problems.

Either way, thank you for your assistance.

Re: Errors checking new SSL 2.0 webpage

Posted: Mon Aug 31, 2015 9:01 am
by tmcdonald
For the sake of organization, let's keep this one open for now; however, for the sake of our workflow, please don't reply until you have news.