Xymon Mailing List Archive search

Help, information about ssl certificates

3 messages in this thread

list Vladimir Jekimov · Tue, 18 Sep 2018 10:36:03 +0300 · 
Hello,

I discovered when I check some web pages, I get wrong information about ssl
certificate.
For example, When Xymon get information about ssl certificate for this web
page https://attistibaipar.lv/ we see this information about ssl
certificate:

SSL certificate for https://attistibaipar.lv/ expired 375 days ago

Server certificate:
		 subject:/CN=7spiritcocktails.com
		 start date: 2017-06-09 00:00:00 GMT
		 expire date:2017-09-07 23:59:59 GMT
		 key size:2048
		 issuer:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc.
Certification Authority

But if i check by curl (# curl -v https://attistibaipar.lv/) or by openssl
(# openssl s_client -servername attistibaipar.lv -connect
attistibaipar.lv:443)

----- From curl
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=*.attistibaipar.lv
*       start date: Jul 24 12:23:03 2018 GMT
*       expire date: Oct 22 12:23:03 2018 GMT
*       common name: *.attistibaipar.lv
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US

----- From openssl
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = *.attistibaipar.lv
verify return:1
---
Certificate chain
 0 s:/CN=*.attistibaipar.lv
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

I get another information and this information is actual and right.

So, why this happened? This is a bug or I need to make right configuration
for Xymon?

Version: Xymon 4.3.17

Sincerely,

Vladimir Jekimov
CoMinder Support
http://www.cominder.eu/
list Henrik Størner · Tue, 18 Sep 2018 10:46:40 +0200 ·
if you run multiple websites on one server, make sure you enable SNI when running the test. Add "sni" to the entry in hosts.cfg.
Regards
Henrik
list Galen Johnson · Tue, 18 Sep 2018 15:29:56 -0400 · 
Even if each site has it's own dedicated cert, a la NamedVirtualHosts?
Curious since I see the same behavior for some of my hosts.

=G=

On Tue, Sep 18, 2018 at 4:46 AM Henrik Størner via Xymon <xymon at xymon.com>
wrote:

---------- Forwarded message ----------
From: "Henrik Størner" <user-ce4a2c883f75@xymon.invalid>
To: Vladimir Jekimov <user-373437c0b75c@xymon.invalid>
Cc: xymon at xymon.com, Andrey Chervonets <user-e7fb5c02322c@xymon.invalid>
Bcc:
Date: Tue, 18 Sep 2018 10:46:40 +0200
Subject: Re: [Xymon] Help, information about ssl certificates
quoted from Henrik Størner
if you run multiple websites on one server, make sure you enable SNI when
running the test. Add "sni" to the entry in hosts.cfg.

Regards
Henrik



---------- Forwarded message ----------
From: "Henrik Størner via Xymon" <xymon at xymon.com>
To: Vladimir Jekimov <user-373437c0b75c@xymon.invalid>
Cc: xymon at xymon.com, Andrey Chervonets <user-e7fb5c02322c@xymon.invalid>
Bcc:
Date: Tue, 18 Sep 2018 10:46:40 +0200
Subject: Re: [Xymon] Help, information about ssl certificates