Xymon Mailing List Archive

SSL Certs on servers with multiple virtualhosts

list Ralph Mitchell
Wed, 7 Aug 2013 20:41:22 -0400
Message-Id: <user-e52e0d111617@xymon.invalid>

You're right about separate entries per server - as it stands, it will ping
one server.  I don't know if Xymon concatenates multiple http / sslcert
reports for the same server into the one column, or if each one overwrites
the previous report.

However, it wouldn't be very hard to pass a file of urls to the script and
turn the main body into a loop that pings each url and accumulates the
results into https & sslcert files, then end by posting those files to
Xymon.

And yes, you would want to remove the urls from the xymon hosts.cfg,
otherwise xymonnet would duplicate the effort.

Ralph Mitchell


On Wed, Aug 7, 2013 at 7:30 PM, John D. Alexander <
user-9a0964743c57@xymon.invalid> wrote:
Hey Ralph,

Thanks for the script.  I’ll give it a whirl.  I’m guessing that each
separate server will need to be set up with the script run against it.

Also, I suppose that I’ll need to stop the https://.... test from the
xymon hosts.cfg

Thanks again

John Alexander


*From:* Ralph Mitchell [mailto:user-00a5e44c48c0@xymon.invalid]
*Sent:* Tuesday, August 06, 2013 6:50 PM
*To:* John D. Alexander
*Cc:* xymon at xymon.com
*Subject:* Re: [Xymon] SSL Certs on servers with multiple virtualhosts

Here's that script for checking web servers.  It's not rocket surgery, but
it gets the job done.  I needed it to be able to poke a secure web server
through a proxy.

Ralph Mitchell

On Tue, Aug 6, 2013 at 2:32 PM, John D. Alexander <
user-9a0964743c57@xymon.invalid> wrote:

I’m running Xymon 4.3.12 on CentOS 6.4 and monitoring a number of Apache
web servers that each have multiple SSL VirtualHosts.

Xymon appears to be using the openssl s_client utility to check server
certificates and since s_client is not SNI compliant, it only picks up the
certificate of the first VirtualHost.  All other VirtualHosts are reported
having the same certificate.

Does anyone know of a workaround (perhaps using curl) to validate SSL
certificates and track expiration dates of those certificates?

Thanks much.

*John Alexander*
Network Administrator
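
Added example, not part of the thread and not Ralph's script (which the archive does not include): a Python sketch of the loop described in the reply above, connecting to one server once per virtual host with that name sent as SNI, then combining the results into a single sslcert status so later reports do not overwrite earlier ones. The host names, the 30/10-day thresholds and the report wording are assumptions; posting relies on the $XYMON and $XYMSRV variables that Xymon sets for its scripts.

```python
import os
import socket
import ssl
import subprocess
import time

WARN_DAYS, ALARM_DAYS = 30, 10  # assumed thresholds, in days
RANK = {"green": 0, "yellow": 1, "red": 2}


def fetch_not_after(server, vhost, port=443, timeout=10):
    """Connect to `server`, send `vhost` as the SNI name, return notAfter."""
    ctx = ssl.create_default_context()  # also verifies chain and host name
    with socket.create_connection((server, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=vhost) as tls:
            return tls.getpeercert()["notAfter"]


def color_for(days):
    if days <= ALARM_DAYS:
        return "red"
    return "yellow" if days <= WARN_DAYS else "green"


def build_status(server, results, now, test="sslcert"):
    """results: (vhost, notAfter, error) tuples -> one combined status message."""
    worst, lines = "green", []
    for vhost, not_after, error in results:
        if error:
            color, text = "red", f"check failed: {error}"
        else:
            days = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
            color, text = color_for(days), f"expires {not_after} ({days} days)"
        worst = max(worst, color, key=RANK.get)  # overall color is the worst one
        lines.append(f"&{color} {vhost}: {text}")
    host = server.replace(".", ",")  # Xymon status messages use commas in host names
    return f"status {host}.{test} {worst} SSL certificates\n" + "\n".join(lines)


if __name__ == "__main__":
    server, vhosts = "web1.example.com", ["shop.example.com", "blog.example.com"]  # constructed
    results = []
    for vhost in vhosts:
        try:
            results.append((vhost, fetch_not_after(server, vhost), None))
        except OSError as exc:  # covers socket errors and ssl.SSLError
            results.append((vhost, None, exc))
    msg = build_status(server, results, time.time())
    subprocess.run([os.environ["XYMON"], os.environ["XYMSRV"], msg], check=True)
```

Because the default context verifies the host name, a virtual host that is still served the first VirtualHost's certificate shows up as a failed check rather than as a valid expiry date.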