Updated SSL cert expiration date not refreshing
RESOLVED: For closure to this issue, here's what resolved it. I
manually deleted the old cert from the server and rebooted. This
particular server also functions as a Remote Desktop Management
server, which start throwing cert warnings to RD users after I
deleted the old cert. I looked in the 'RD Gateway Manager' and sure
enough, the new cert was not applied. So I applied the new cert and
immediately Xymon's HTTPS tests went green. I'm confused as to why
this RD Gateway cert would have anything to do with IIS tests
failing for Xymon because as I've said in previous posts all
browsers recognized the new cert in IIS just fine. Only Xymon tests
had an issue.
Final comments: It's a good thing that the Xymon tests were flagging that something was wrong, because it forced me to dig deeper into our server to resolve an unseen issue. Thank you Xymon community for supplying ideas for me to look into.
Thank you.
Kris Springer
On 12/11/2016 3:03 PM, Phil Crooker wrote:
Final comments: It's a good thing that the Xymon tests were flagging that something was wrong, because it forced me to dig deeper into our server to resolve an unseen issue. Thank you Xymon community for supplying ideas for me to look into.
Thank you.
Kris Springer
On 12/11/2016 3:03 PM, Phil Crooker wrote:
The old certificate is probably still enabled for a service somewhere - we had a similar issue where the old certificate was in fact enabled for a service but this was only evident after a reboot. Why don't you just remove it from the windows system? ________________________________________ From: Xymon on behalf of Tech Support Sent: Saturday, 10 December 2016 3:45 AM To: Japheth Cleaver; Scot Kreienkamp; Xymon MailingList Subject: Re: [Xymon] Updated SSL cert expiration date not refreshing Yes, curl test is from Xymon server. Yes, timestamp of Xymon test is current. Xymon version 4.3.25 Ubuntu 16.04 Regarding SNI, the site in question is IIS, not Apache. The cert is a wildcard for our domain so it shows as *.domainname.com Thank you. ------------------------------------------------ Kris Springer Signature - Support On 12/9/2016 8:49 AM, Japheth Cleaver wrote:Was the curl test done from the same Linux server as xymon or a different ont? Xymon's network tester (xymonnet) is completely re-executed for each run, so there's not very much that can be cached on the polling system that could cause it to return an older set. Is the test timestamp up to date on the actual test in question? Also: Which version of xymon are you running, and is the site using SNI by any chance? -jc On 12/9/2016 8:28 AM, Tech Support wrote:The curl command shows the date accurately. Thank you. ------------------------------------------------ Kris Springer Signature - Support On 12/9/2016 7:38 AM, Scot Kreienkamp wrote:What does it say for dates if you examine the cert with curl –v on the command line? *Scot Kreienkamp | Senior Systems Engineer | La-Z-Boy Corporate* One La-Z-Boy Drive | Monroe, Michigan 48162 | Office: XXX-XXX-XXXX | | Mobile: XXXXXXXXXX | Email: user-9678697f1438@xymon.invalid *From:*Xymon [mailto:xymon-bounces@xymon.com] *On Behalf Of *Tech Support *Sent:* Friday, December 9, 2016 10:12 AM *To:* Xymon MailingList *Subject:* [Xymon] Updated SSL cert expiration date not refreshing I recently renewed some SSL certs for our domain. Xymon was testing the https addresses and was correctly showing the ciphers and expiration date. But after I renewed and applied the certs to our servers Xymon still shows the old expiration date on one of our IIS servers, not the new date. The issue is only appearing when Xymon tests our IIS server, not a different Linux server which shows the correct updated date. The SSL certs were applied correctly to the IIS server and all browsers and external tests show accurate dates, but not Xymon. Any idea why this would occur? IIS server is running IIS 8.5 Thanks. Kris SpringerXymon@xymon.comXymon@xymon.com