On Mon, 18 Mar 2019 at 23:36, Bruce Ferrell <user-24fbf1912cfe@xymon.invalid> wrote:
On 3/18/19 11:25 AM, SebA wrote:
I want to be able to test a TLS service that uses server and client
certificates, and the only way seems to be with http, but this is not an
http(s) service. It would need to be configurable in protocols.cfg or
some other way in hosts.cfg. I tried pretending it was https and it says
'SSL error' in the test output. It doesn't create the sslcert column
either, or I could just disable the https test and still get the
certificate monitoring, which is what I wanted most anyway.
Kind regards,
SebA
What does the openssl s_client test do?
openssl s_client -connect <host:port>
Hi Bruce,
When the certificate is expired the result on
openssl-1.0.2k-12.109.amzn1.x86_64 (the local server) is:
Verify return code: 10 (certificate has expired)
However, the result on openssl-1.0.2k-12.el7.x86_64 (on the Xymon server)
is:
Verify return code: 20 (unable to get local issuer certificate)
Once the certificate is renewed the result on both versions is:
Verify return code: 0 (ok)
Kind regards,
SebA
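
Added example, not part of the thread: the same expired certificate gives verify return code 10 on one host and 20 on the other, so an expiry check that has to behave the same on both can read the certificate's notAfter date and report the verify result alongside it. The Python below assumes its two inputs are the output of `openssl s_client -connect <host:port>` and of that output piped into `openssl x509 -noout -enddate`; the function names, the 30/10-day thresholds and the sample dates are constructed for illustration.

```python
import re
from datetime import datetime, timezone

WARN_DAYS, ALARM_DAYS = 30, 10  # assumed thresholds, not from the thread

VERIFY_RE = re.compile(r"Verify return code:\s*(\d+)\s*\(([^)]*)\)")
NOTAFTER_RE = re.compile(r"notAfter=(.+)")

def parse_verify(s_client_out):
    """(code, text) from `openssl s_client` output, or None if absent."""
    m = VERIFY_RE.search(s_client_out)
    return (int(m.group(1)), m.group(2)) if m else None

def parse_not_after(enddate_out):
    """Aware datetime from `openssl x509 -noout -enddate` output, or None."""
    m = NOTAFTER_RE.search(enddate_out)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # openssl space-pads 1-digit days
    parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def check(s_client_out, enddate_out, now):
    """Colour comes from notAfter only; the verify result is reported too."""
    verify = parse_verify(s_client_out)
    not_after = parse_not_after(enddate_out)
    if not_after is None:  # no certificate retrieved, e.g. handshake failure
        return {"colour": "red", "days_left": None, "verify": verify}
    days = (not_after - now).days
    colour = ("red" if days < ALARM_DAYS
              else "yellow" if days < WARN_DAYS else "green")
    return {"colour": colour, "days_left": days, "verify": verify}

# Constructed inputs: verify lines as quoted in the thread, dates invented.
NOW = datetime(2019, 3, 19, tzinfo=timezone.utc)
EXPIRED = "notAfter=Mar 10 12:00:00 2019 GMT"
RENEWED = "notAfter=Mar 18 12:00:00 2020 GMT"
LOCAL = "    Verify return code: 10 (certificate has expired)"
XYMON = "    Verify return code: 20 (unable to get local issuer certificate)"
OK = "    Verify return code: 0 (ok)"

if __name__ == "__main__":
    cases = [("local", LOCAL, EXPIRED), ("xymon", XYMON, EXPIRED),
             ("renewed", OK, RENEWED)]
    for label, out, end in cases:
        print(label, check(out, end, NOW))
```

A verify code other than 0 with a green colour indicates that the checking host does not trust the chain, which is a separate finding from expiry.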