https failure in 4.3.4, not in 4.2.3

Hmm, xymonnet --version doesn't give me much:

$ xymonnet --version
xymonnet version 4.3.4


I just found that the server I built 4.3.4 on doesn't have the openssl-devel rpm installed.

So, I need to rebuild that.

Then I should be able to do a make install over the top, and it won't mess up my configuration files right? (/etc/xymon)


Paul Root    - Engineer III  - Qwest is now CenturyLink

-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On
Behalf Of Henrik Størner
Sent: Wednesday, August 31, 2011 2:46 PM
To: xymon at xymon.com
Subject: Re: [Xymon] https failure in 4.3.4, not in 4.2.3

I upgraded my last xymon server from 4.2.3 to 4.3.4 this morning. It
went well, except for one little thing. https tests.

[snip]

If I run a curl on the site, I get:

$ curl https://iadnasp1
curl: (60) SSL certificate problem, verify that the CA cert is OK.

Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed

[snip]

So, we have an internal CA. So I'm guessing I need to install the

CA's certificate of authority to clear this issue up?

No, you don't. Xymon doesn't perform validation of certificate chains
like curl does - essentially, Xymon behaves like curl with the
"--insecure" option.

Try running "xymonnet --version" to see if it is able to load the SSL
library at all - you should see the SSL library version listed. If that
doesn't give you a clue, run "xymoncmd xymonnet --debug HOSTNAME" and
see what details it gives about why it cannot connect to the site.


Regards,
Henrik

This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.