nosslcert tag not doing what I thought it did
list Steve Holmes
Still running Xymon 4.2.3 so... I have a need to do a content test on an https url on a dev server that has self signed certificates. The customer just wants Xymon to get through to the first page and check the content without having to mess with the certificate. I thought putting nosslcert on that host would do the trick, but I couldn't see that it changed anything on the resulting page. nosslcert turned the sslcert icon purple, but it didn't change the behavior of the content test. We want to be able to skip the ssl warning and the need to click to proceed to the page. Apparently curl, wget and nagios all have options to do this (although I haven't actually tested that on nagios) so I'd be surprised if Xymon doesn't. Is there another way to do that? Thanks, Steve -- If they give you ruled paper, write the other way. -Juan Ramon Jimenez, poet, Nobel Prize in literature (1881-1958) Truth never damages a cause that is just. -Mohandas Karamchand Gandhi (1869-1948)
list Henrik Størner
▸
I have a need to do a content test on an https url on a dev server that has self signed certificates. The customer just wants Xymon to get through to the first page and check the content without having to mess with the certificate. I thought putting nosslcert on that host would do the trick, but I couldn't see that it changed anything on the resulting page. nosslcert turned the sslcert icon purple, but it didn't change the behavior of the content test.
"nosslcert" means Xymon won't update an "sslcert" status. But since you have one, it will turn purple. Use the "drop" command to delete the status.
▸
We want to be able to skip the ssl warning and the need to click to proceed to the page. Apparently curl, wget and nagios all have options to do this (although I haven't actually tested that on nagios) so I'd be surprised if Xymon doesn't.
Xymon doesn't care about who issues your certificates. So that isn't your problem. What I think is the problem, is that Xymon will *only* fetch the page on the URI that you provide. It will not follow a redirect, not even a simple one like "http://www.foo.org/"; redirecting to "http://www.foo.org/logon.html"; - if you want to check the logon page, you'll have to provide that URL explicitly in hosts.cfg. Regards, Henrik
list Steve Holmes
Thanks Henrik. That's the direction we were heading in anyway, but wanted to make sure we weren't missing something. Steve
▸
On Thu, Oct 13, 2011 at 4:43 PM, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:
I have a need to do a content test on an https url on a dev serverthat has self signed certificates. The customer just wants Xymon to get through to the first page and check the content without having to mess with the certificate. I thought putting nosslcert on that host would do the trick, but I couldn't see that it changed anything on the resulting page. nosslcert turned the sslcert icon purple, but it didn't change the behavior of the content test."nosslcert" means Xymon won't update an "sslcert" status. But since you have one, it will turn purple. Use the "drop" command to delete the status. We want to be able to skip the ssl warning and the need to click toproceed to the page. Apparently curl, wget and nagios all have options to do this (although I haven't actually tested that on nagios) so I'd be surprised if Xymon doesn't.Xymon doesn't care about who issues your certificates. So that isn't your problem. What I think is the problem, is that Xymon will *only* fetch the page on the URI that you provide. It will not follow a redirect, not even a simple one like "http://www.foo.org/"; redirecting to "http://www.foo.org/logon.html**"; - if you want to check the logon page, you'll have to provide that URL explicitly in hosts.cfg. Regards, Henrik ______________________________**
Xymon at xymon.com<
▸
-- If they give you ruled paper, write the other way. -Juan Ramon Jimenez, poet, Nobel Prize in literature (1881-1958) Truth never damages a cause that is just. -Mohandas Karamchand Gandhi (1869-1948)