[Nagiosplug-help] Cant monitor SSL Certs on vhosts with check_http

Gustavo Vieira Oliveira gustavov at sc.senai.br
Fri Jan 11 12:38:22 CET 2013


Hello Heinze,

Thanks for the answer!

I use one certificate file per vhost, so, it's not a certificate with 
multiples SANs.

The check_http has an option --sni but it doesnt seem to work.

I'm thinking about updating openssl installation.

Atenciosamente,
__________________________________________________________________
GUSTAVO VIEIRA OLIVEIRA.
Sistema FIESC

Unidade de Tecnologia da Informação - TIC
Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis - SC
Fone (48) 3231-4699 - Fax (48) 3231-4170
e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br

Em 11/01/2013 05:41, Heinze, Markus escreveu:
> No, one certificate for one host/ip.
>
> The Apache doc says: (http://wiki.apache.org/httpd/NameBasedSSLVHosts)
>
> As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port.
>
> But
>
> In reality, Apache will allow you to configure name-based SSL virtual hosts, but it will always use the configuration from the first-listed virtual host (on the selected IP address and port) to setup the encryption layer.
>
>
> Maybe you use SAN certificates (subject alternative names) or SNI (Server Name Indication), but I don't know if check_http support it.
> So, I don't know your implementaion for multiple certificates.
>
>
> Mit freundlichen Grüßen
> Markus Heinze
>
> ESTA-Bildungswerk gGmbH
> Bismarckstr. 8
> 32545 Bad Oeynhausen
> e-mail: markus.heinze at esta-bw.de
> Telefon: 05731 - 157 231
> Telefax: 05731 - 157 198
> www.esta-bw.de
>
> Geschäftsführerin: Martina Schirmacher
> Vorsitzender des Aufsichtsrats: Dr. Wilm Schulte
> Amtsgericht Bad Oeynhausen
> Handelsregisternummer: 16 HR B 9704
> Steuer-Ident-Nr.: DE242099511
>
>
> -----Ursprüngliche Nachricht-----
> Von: Gustavo Vieira Oliveira [mailto:gustavov at sc.senai.br]
> Gesendet: Donnerstag, 10. Januar 2013 18:11
> An: Heinze, Markus
> Cc: Nagios Plugin Help List
> Betreff: Re: [Nagiosplug-help] Cant monitor SSL Certs on vhosts with check_http
>
> @Heinze:
>
> Do you have more than one certificate and virtualhost in the same host?
>
> Atenciosamente,
> __________________________________________________________________
> GUSTAVO VIEIRA OLIVEIRA.
> Sistema FIESC
>
> Unidade de Tecnologia da Informação - TIC Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis - SC Fone (48) 3231-4699 - Fax (48) 3231-4170
> e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br
>
> Em 10/01/2013 13:27, Heinze, Markus escreveu:
>> Hello.
>>
>> I check it with
>>
>> /usr/local/nagios/libexec/check_http --ssl -H www.webserver.com -C 28
>> Output: OK - Certificate will expire on xx/xx/xxxx 01:47.
>>
>>
>> Mit freundlichen Grüßen
>> Markus Heinze
>>
>> ESTA-Bildungswerk gGmbH
>> Bismarckstr. 8
>> 32545 Bad Oeynhausen
>> e-mail: markus.heinze at esta-bw.de
>> Telefon: 05731 - 157 231
>> Telefax: 05731 - 157 198
>> www.esta-bw.de
>>
>> Geschäftsführerin: Martina Schirmacher Vorsitzender des Aufsichtsrats:
>> Dr. Wilm Schulte Amtsgericht Bad Oeynhausen
>> Handelsregisternummer: 16 HR B 9704
>> Steuer-Ident-Nr.: DE242099511
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Gustavo Vieira Oliveira [mailto:gustavov at sc.senai.br]
>> Gesendet: Donnerstag, 10. Januar 2013 15:07
>> An: nagiosplug-help at lists.sourceforge.net
>> Betreff: [Nagiosplug-help] Cant monitor SSL Certs on vhosts with
>> check_http
>>
>> Hello!
>>
>> I'm not able to use check_http to monitor SSL certificates on vhosts. It always seem to get the host SSL certificate.
>>
>> I've tried this command-line options "-S -I 10.1.1.1 -H www.webserver.com" also, i've used "-k "Host: www.webserver.com", all without success. The only way i can get it to work is setting each vhost on a different port and changing the command-line arguments to use this specific port.
>>
>> Is there any way i can monitor the vhost certificate instead of the host SSL certificate?
>>
>> Thanks in advance!
>>
>> --
>> Atenciosamente,
>> __________________________________________________________________
>> GUSTAVO VIEIRA OLIVEIRA.
>> Sistema FIESC
>>
>> Unidade de Tecnologia da Informação - TIC Rod. Admar Gonzaga, 2765 -
>> Itacorubi - 88034-001 - Florianópolis - SC Fone (48) 3231-4699 - Fax
>> (48) 3231-4170
>> e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122712
>> _______________________________________________
>> Nagiosplug-help mailing list
>> Nagiosplug-help at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
>> ::: Please include plugins version (-v) and OS when reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null





More information about the Help mailing list