[Nagiosplug-devel] [ nagiosplug-Bugs-1402262 ] check_http SSL doesn't work for Tomcat servers

SourceForge.net noreply at sourceforge.net
Thu Mar 2 07:59:04 CET 2006


Bugs item #1402262, was opened at 2006-01-10 19:01
Message generated for change (Comment added) made by huntes
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1402262&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: Release (specify)
Status: Open
Resolution: None
Priority: 5
Submitted By: richard (rag777)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http SSL doesn't work for Tomcat servers

Initial Comment:
check_http fails with CRITICAL - Cannot retrieve server
certificate for checks against Tomcat servers.

This is from release 1.4.2 and tested against Tomcat
4.x and 5.x servers. It is completely reproducable.


This example works:
check_http --ssl www.verisign.com

HTTP OK HTTP/1.1 200 OK - 30606 bytes in 1.754 seconds
|time=1.754026s;;;0.000000 size=30606B;;;0


This example fails:
check_http --ssl www.icpkp.com

CRITICAL - Cannot retrieve server certificate.


I have tried this against a bunch of Tomcat sites and
always get the same result. I also get it when trying
against a self-signed certificate.

The browsers access the certificate fine, and don't
report any problems.

Any help would be greatly appreciated!


----------------------------------------------------------------------

Comment By: Scott Hunter (huntes)
Date: 2006-03-02 10:57

Message:
Logged In: YES 
user_id=315297

I am also having this exact problem with an AES certificate
in Tomcat.

----------------------------------------------------------------------

Comment By: David Kelly (at-one)
Date: 2006-03-01 07:03

Message:
Logged In: YES 
user_id=1275092

Incidentally I just checked out the certificate for
icpkp.com to which the original bug report refers and it too
is using an AES ciphered cert. This leads me to believe that
it's the cipher that is the issue, not Tomcat.

----------------------------------------------------------------------

Comment By: David Kelly (at-one)
Date: 2006-03-01 06:59

Message:
Logged In: YES 
user_id=1275092

I can't comment on Tomcat servers but it seems this error
also applies to site certificates using the AES cipher:

insight2:/s2s/apps/nagios-plugins# ./check_http --ssl
www.verisign.com
HTTP OK HTTP/1.1 200 OK - 31062 bytes in 1.206 seconds
|time=1.205539s;;;0.000000 size=31062B;;;0

insight2:/s2s/apps/nagios-plugins# ./check_http --ssl
www.e-paycobalt.com
CRITICAL - Cannot retrieve server certificate.

e-paycobalt.com is just one of many of our customer sites
using the aes encrypted certificates that I have tested this
on. All fail with the same error.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1402262&group_id=29880




More information about the Devel mailing list