Xymon Mailing List Archive

sslcert

3 messages in this thread

Henrik Størner · Fri, 21 Jan 2011 17:17:45 +0000 (UTC)
In <user-685274ea37e4@xymon.invalid> "Xymon User in Richmond" <user-24d6f8323faa@xymon.invalid> writes:

> On Thu, January 20, 2011 17:06, Henrik Størner wrote:
>> OK, so you have (at least) 7 SSL-enabled services running on one host.
>> The effect of that is rather unpredictable - when doing the "sslcert"
>> status, I didn't think that you would have one line in hosts.cfg with
>> multiple (different) SSL certificates. So which of the 7 certificates
>> will show up in the "sslcert" status is unpredictable.
>
> I have hosts running both httpd ssl and imaps services, with separate
> certs, and it reports both certs correctly.  I don't know if it will
> handle status correctly, though.  The imaps certs are self-generated with
> expirations years out.  IIRC, it has gone yellow on the httpd certs at the
> correct time.  The https test precedes the imaps test on the hosts line,
> and the certs are stacked in that order on the sslcert page.

I stand corrected, then - apparently I did foresee that possibility :-)


Regards,
Henrik

Ryan Novosielski · Fri, 21 Jan 2011 12:22:29 -0500

On 1/21/2011 12:17 PM, Henrik Størner wrote:
> In <user-685274ea37e4@xymon.invalid> "Xymon User in Richmond" <user-24d6f8323faa@xymon.invalid> writes:
>
>> On Thu, January 20, 2011 17:06, Henrik Størner wrote:
>>> OK, so you have (at least) 7 SSL-enabled services running on one host.
>>> The effect of that is rather unpredictable - when doing the "sslcert"
>>> status, I didn't think that you would have one line in hosts.cfg with
>>> multiple (different) SSL certificates. So which of the 7 certificates
>>> will show up in the "sslcert" status is unpredictable.
>>
>> I have hosts running both httpd ssl and imaps services, with separate
>> certs, and it reports both certs correctly.  I don't know if it will
>> handle status correctly, though.  The imaps certs are self-generated with
>> expirations years out.  IIRC, it has gone yellow on the httpd certs at the
>> correct time.  The https test precedes the imaps test on the hosts line,
>> and the certs are stacked in that order on the sslcert page.
>
> I stand corrected, then - apparently I did foresee that possibility :-)

It's perfectly reasonable -- you'll run into that with any webserver
providing https that also provides imap-s, which is not that outlandish.

-- 
---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| |  | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark

Xymon User in Richmond · Fri, 21 Jan 2011 12:32:55 -0500
On Fri, January 21, 2011 12:17, Henrik Størner wrote:
> In <user-685274ea37e4@xymon.invalid>
> "Xymon User in Richmond" <user-24d6f8323faa@xymon.invalid> writes:
>
>> On Thu, January 20, 2011 17:06, Henrik Størner wrote:
>>> OK, so you have (at least) 7 SSL-enabled services running on one
>>> host. The effect of that is rather unpredictable - when doing the
>>> "sslcert" status, I didn't think that you would have one line in
>>> hosts.cfg with multiple (different) SSL certificates. So which of the
>>> 7 certificates will show up in the "sslcert" status is
>>> unpredictable.
>>
>> I have hosts running both httpd ssl and imaps services, with separate
>> certs, and it reports both certs correctly.  I don't know if it will
>> handle status correctly, though.  The imaps certs are self-generated
>> with expirations years out.  IIRC, it has gone yellow on the httpd
>> certs at the correct time.  The https test precedes the imaps test on
>> the hosts line, and the certs are stacked in that order on the sslcert
>> page.
>
> I stand corrected, then - apparently I did foresee that possibility :-)

I understand:  I often turn out to have been smarter than I realized at
the time (when I'm stupid it's usually readily apparent).

I noticed overnight on a personal server that even if the httpd and imaps
certs are the same one, it's reported once per service.  I like that.