Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

web service that uses client certificates

https://support.nagios.com/forum/viewtopic.php?t=36020

Page 1 of 2

web service that uses client certificates

Posted: Thu Dec 03, 2015 4:56 pm
by awang
Hi,
Is there any document/instruction I can follow about how to setup Nagios to call a web service that uses client certificates?

thanks

Re: web service that uses client certificates

Posted: Thu Dec 03, 2015 5:20 pm
by rkennedy
Can you clarify what you mean by a client certificate?

Are you referring to check a SSL certificate through check_http?

Re: web service that uses client certificates

Posted: Fri Dec 04, 2015 10:45 am
by awang
Yes, I want to monitor a secured web service which requires the certificate for client authentication.

Re: web service that uses client certificates

Posted: Fri Dec 04, 2015 11:09 am
by rkennedy
You should be able to use the check_http command, along with the -J parameter.

Code: Select all

 check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
       [-J <client certificate file>] [-K <private key>]
       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]
       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]
       [-T <content-type>] [-j method]

Re: web service that uses client certificates

Posted: Wed Dec 23, 2015 11:09 am
by awang
Thanks for your reply.
I have tried to use -J with check_http and received the following output during my test..any idea about it?

COMMAND: /usr/local/nagios/libexec/check_http -H 10.... -u "/keepalive" -p 443 -S -J /tmp/NagiosCertificate.pem -K /tmp/NagiosPrivateKey.pem

OUTPUT: HTTP WARNING: HTTP/1.1 403 Forbidden - 1412 bytes in 0.020 second response time |time=0.019972s;;;0.000000 size=1412B;;;0

Re: web service that uses client certificates

Posted: Wed Dec 23, 2015 5:00 pm
by rkennedy
Can you run it with a -v flag, and post the output above the **** CONTENT **** part?

Re: web service that uses client certificates

Posted: Thu Dec 24, 2015 11:02 am
by tdang
Hello,

I am working with AWang on the same issue. I don't know if this matters, we are using our company self-signed SSL client certificate rather than the commercial/3rd party SSL client certificate.

Thanks!

Re: web service that uses client certificates

Posted: Mon Dec 28, 2015 11:13 am
by rkennedy
awang wrote:Thanks for your reply.
I have tried to use -J with check_http and received the following output during my test..any idea about it?

COMMAND: /usr/local/nagios/libexec/check_http -H 10.... -u "/keepalive" -p 443 -S -J /tmp/NagiosCertificate.pem -K /tmp/NagiosPrivateKey.pem

OUTPUT: HTTP WARNING: HTTP/1.1 403 Forbidden - 1412 bytes in 0.020 second response time |time=0.019972s;;;0.000000 size=1412B;;;0
rkennedy wrote:Can you run it with a -v flag, and post the output above the **** CONTENT **** part?
Could one of you run the check command with the -v flag, and post the output?

Code: Select all

/usr/local/nagios/libexec/check_http -H 10.x.x.x -u "/keepalive" -p 443 -S -J /tmp/NagiosCertificate.pem -K /tmp/NagiosPrivateKey.pem -v

Re: web service that uses client certificates

Posted: Fri Jan 08, 2016 3:20 pm
by tdang
Here's the response we got back.

COMMAND: /usr/local/nagios/libexec/check_http -I hostnamexx -S -J /usr/local/nagiosxi/NagiosCertificate.pem -K /usr/local/nagiosxi/NagiosKey.pem -v
OUTPUT: GET / HTTP/1.0
User-Agent: check_http/v2.0.3 (nagios-plugins 2.0.3)
Connection: close
Accept: */*


https://hostnamexxx:443/ is 1412 characters
STATUS: HTTP/1.1 403 Forbidden
**** HEADER ****
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 08 Jan 2016 20:17:19 GMT
Connection: close
Content-Length: 1233
**** CONTENT ****
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>

HTTP WARNING: HTTP/1.1 403 Forbidden - 1412 bytes in 0.051 second response time |time=0.051404s;;;0.000000 size=1412B;;;0

Re: web service that uses client certificates

Posted: Mon Jan 11, 2016 12:19 pm
by rkennedy
Can you verify what the permissions of /usr/local/nagiosxi/NagiosCertificate.pem and /usr/local/nagiosxi/NagiosCertificate.pem and /usr/local/nagiosxi/NagiosKey.pem is set to and let us know?
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited