[Nagiosplug-help] Cant monitor SSL Certs on vhosts with check_http

[Gustavo Vieira Oliveira]

Thanks everyone for your time and help!

It was indeed a problem with openssl version that didn't support SNI.

I just upgraded it to 1.0.1c and recompiled "nagios-plugins" with the 
new openssl executable and everything is ok.

Thanks!

Atenciosamente,
__________________________________________________________________
GUSTAVO VIEIRA OLIVEIRA.
Sistema FIESC

Unidade de Tecnologia da Informação - TIC
Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis - SC
Fone (48) 3231-4699 - Fax (48) 3231-4170
e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br

Em 11/01/2013 09:38, Gustavo Vieira Oliveira escreveu:
> Hello Heinze,
>
> Thanks for the answer!
>
> I use one certificate file per vhost, so, it's not a certificate with
> multiples SANs.
>
> The check_http has an option --sni but it doesnt seem to work.
>
> I'm thinking about updating openssl installation.
>
> Atenciosamente,
> __________________________________________________________________
> GUSTAVO VIEIRA OLIVEIRA.
> Sistema FIESC
>
> Unidade de Tecnologia da Informação - TIC
> Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis - SC
> Fone (48) 3231-4699 - Fax (48) 3231-4170
> e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br
>
> Em 11/01/2013 05:41, Heinze, Markus escreveu:
>> No, one certificate for one host/ip.
>>
>> The Apache doc says: (http://wiki.apache.org/httpd/NameBasedSSLVHosts)
>>
>> As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port.
>>
>> But
>>
>> In reality, Apache will allow you to configure name-based SSL virtual hosts, but it will always use the configuration from the first-listed virtual host (on the selected IP address and port) to setup the encryption layer.
>>
>>
>> Maybe you use SAN certificates (subject alternative names) or SNI (Server Name Indication), but I don't know if check_http support it.
>> So, I don't know your implementaion for multiple certificates.
>>
>>
>> Mit freundlichen Grüßen
>> Markus Heinze
>>
>> ESTA-Bildungswerk gGmbH
>> Bismarckstr. 8
>> 32545 Bad Oeynhausen
>> e-mail: markus.heinze at esta-bw.de
>> Telefon: 05731 - 157 231
>> Telefax: 05731 - 157 198
>> www.esta-bw.de
>>
>> Geschäftsführerin: Martina Schirmacher
>> Vorsitzender des Aufsichtsrats: Dr. Wilm Schulte
>> Amtsgericht Bad Oeynhausen
>> Handelsregisternummer: 16 HR B 9704
>> Steuer-Ident-Nr.: DE242099511
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Gustavo Vieira Oliveira [mailto:gustavov at sc.senai.br]
>> Gesendet: Donnerstag, 10. Januar 2013 18:11
>> An: Heinze, Markus
>> Cc: Nagios Plugin Help List
>> Betreff: Re: [Nagiosplug-help] Cant monitor SSL Certs on vhosts with check_http
>>
>> @Heinze:
>>
>> Do you have more than one certificate and virtualhost in the same host?
>>
>> Atenciosamente,
>> __________________________________________________________________
>> GUSTAVO VIEIRA OLIVEIRA.
>> Sistema FIESC
>>
>> Unidade de Tecnologia da Informação - TIC Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis - SC Fone (48) 3231-4699 - Fax (48) 3231-4170
>> e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br
>>
>> Em 10/01/2013 13:27, Heinze, Markus escreveu:
>>> Hello.
>>>
>>> I check it with
>>>
>>> /usr/local/nagios/libexec/check_http --ssl -H www.webserver.com -C 28
>>> Output: OK - Certificate will expire on xx/xx/xxxx 01:47.
>>>
>>>
>>> Mit freundlichen Grüßen
>>> Markus Heinze
>>>
>>> ESTA-Bildungswerk gGmbH
>>> Bismarckstr. 8
>>> 32545 Bad Oeynhausen
>>> e-mail: markus.heinze at esta-bw.de
>>> Telefon: 05731 - 157 231
>>> Telefax: 05731 - 157 198
>>> www.esta-bw.de
>>>
>>> Geschäftsführerin: Martina Schirmacher Vorsitzender des Aufsichtsrats:
>>> Dr. Wilm Schulte Amtsgericht Bad Oeynhausen
>>> Handelsregisternummer: 16 HR B 9704
>>> Steuer-Ident-Nr.: DE242099511
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Gustavo Vieira Oliveira [mailto:gustavov at sc.senai.br]
>>> Gesendet: Donnerstag, 10. Januar 2013 15:07
>>> An: nagiosplug-help at lists.sourceforge.net
>>> Betreff: [Nagiosplug-help] Cant monitor SSL Certs on vhosts with
>>> check_http
>>>
>>> Hello!
>>>
>>> I'm not able to use check_http to monitor SSL certificates on vhosts. It always seem to get the host SSL certificate.
>>>
>>> I've tried this command-line options "-S -I 10.1.1.1 -H www.webserver.com" also, i've used "-k "Host: www.webserver.com", all without success. The only way i can get it to work is setting each vhost on a different port and changing the command-line arguments to use this specific port.
>>>
>>> Is there any way i can monitor the vhost certificate instead of the host SSL certificate?
>>>
>>> Thanks in advance!
>>>
>>> --
>>> Atenciosamente,
>>> __________________________________________________________________
>>> GUSTAVO VIEIRA OLIVEIRA.
>>> Sistema FIESC
>>>
>>> Unidade de Tecnologia da Informação - TIC Rod. Admar Gonzaga, 2765 -
>>> Itacorubi - 88034-001 - Florianópolis - SC Fone (48) 3231-4699 - Fax
>>> (48) 3231-4170
>>> e-mail: gustavov at sc.senai.br - Site: http://www.sistemafiesc.org.br
>>>
>>>
>>> ----------------------------------------------------------------------
>>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at:
>>> http://p.sf.net/sfu/learnmore_122712
>>> _______________________________________________
>>> Nagiosplug-help mailing list
>>> Nagiosplug-help at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
>>> ::: Please include plugins version (-v) and OS when reporting any issue.
>>> ::: Messages without supporting info will risk being sent to /dev/null
>> ------------------------------------------------------------------------------
>> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122712
>> _______________________________________________
>> Nagiosplug-help mailing list
>> Nagiosplug-help at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
>> ::: Please include plugins version (-v) and OS when reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>
> ------------------------------------------------------------------------------
> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> much more. Get web development skills now with LearnDevNow -
> 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122812
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null