Hey Ralph,
Thanks for the script. I'll give it a whirl. I'm guessing that each separate server will need to be set up with the script run against it.
Also, I suppose that I'll need to stop the https://.... Test from the xymon hosts.cfg
Thanks again
John Alexander
From: Ralph Mitchell [mailto:user-00a5e44c48c0@xymon.invalid]
Sent: Tuesday, August 06, 2013 6:50 PM
To: John D. Alexander
Cc: xymon at xymon.com
Subject: Re: [Xymon] SSL Certs on servers with multiple virtualhosts
Here's that script for checking web servers. It's not rocket surgery, but it gets the job done. I needed it to be able to poke a secure web server through a proxy.
Ralph Mitchell
On Tue, Aug 6, 2013 at 2:32 PM, John D. Alexander <user-9a0964743c57@xymon.invalid<mailto:user-9a0964743c57@xymon.invalid>> wrote:
I'm running Xymon 4.3.12 on CentOS 6.4 and monitoring a number of Apache web servers that each have multiple SSL VirtualHosts.
Xymon appears to be using the openssl s_client utility to check server certificates and since s_client is not SNI compliant, it only picks up the certificate of the first VirtualHost. All other VirtualHosts are reported having the same certificate.
Does anyone know of a workaround (perhaps using curl) to validate SSL certificates and track expiration dates of those certificates?
Thanks much.
John Alexander
Network Administrator