check validity of ssl certificates (without http-status?)
list Marvin Stark
Hey list, I'm monitoring a lot of hosts, websites and services with xymon and most things are running well. Currently I'm searching for a solution to only monitor the validity of ssl certificates, currently i do this with the HTTP check which does not fit in all of my cases. Example line in hosts.cfg: <IP> domain.tld # noconn https://domain.tld ssldays=30:7 The sslcert check is working but I always get a yellow http check when the website does a redirect 301 for example. In this or many other cases I don't care about the http-status because I only want to validate the certificate and don't care about the application. I've read along the manpages and didn't find any option to suppress the http-check for this host, is there a built in function to do that or a good workaround for my goal? Currently I'm using Xymon Version: 4.3.28 Thanks for your help and tips. Best Regards Marvin -- Compositiv GmbH Hammer Deich 30 20537 Hamburg Tel: XXX / XXX XXXX X Fax: XXX / XXX XXXX XX Gesch?ftsf?hrer Matthias Krawen Amtsgericht Hamburg - HRB 122540 USt.-IdNr: DE282432834 Es gelten ausschlie?lich unsere Servicebedingungen, die Sie unter https://www.compositiv.com/servicebedingungen.pdf einsehen k?nnen -- Datensicherung f?r Microsoft 365 - Damit Ihre Teams & Sharepoint - Daten sicher sind. Compositiv GmbH Hammer Deich 30 20537 Hamburg Tel: XXX / XXX XXXX X Fax: XXX / XXX XXXX XX Gesch?ftsf?hrer Matthias Krawen Amtsgericht Hamburg - HRB 122540 USt.-IdNr: DE282432834 Es gelten ausschlie?lich unsere Servicebedingungen, die Sie unter https://www.compositiv.com/servicebedingungen.pdf einsehen k?nnen
list John Thurston
▸
On 3/23/2021 7:22 AM, Marvin Stark wrote:
Currently I'm searching for a solution to only monitor the validity of ssl certificates, currently i do this with the HTTP check which does not fit in all of my cases.
You could use the "group-except" in place of "group". This will let you suppress the http column on _display_. The test will still be performed, but the results will not be shown. You could use the "httphead" test in place of the basic "http" test. If fed an https URL, I think it would still examine the certificate and populate the sslcert test. You could use the "httpstatus" test in place of the basic "http" test, and specify everything other than [4xx] as success. -- Do things because you should, not just because you can. John Thurston XXX-XXX-XXXX user-ce4d79d99bab@xymon.invalid Department of Administration State of Alaska
list Kris Springer
I also have status issues on some of my hosts.? Instead of trying to avoid the status result, I've just set it as a known response by adding the *httpstatus* check to that host. <IP>? domain.tld # noconn https://domain.tld ssldays=30:7 httpstatus;https://domain.tld;301; Kris Springer
▸
On 3/23/21 9:22 AM, Marvin Stark wrote:Hey list, I'm monitoring a lot of hosts, websites and services with xymon and most things are running well. Currently I'm searching for a solution to only monitor the validity of ssl certificates, currently i do this with the HTTP check which does not fit in all of my cases. Example line in hosts.cfg: <IP>? domain.tld # noconn https://domain.tld ssldays=30:7 The sslcert check is working but I always get a yellow http check when the website does a redirect 301 for example. In this or many other cases I don't care about the http-status because I only want to validate the certificate and don't care about the application. I've read along the manpages and didn't find any option to suppress the http-check for this host, is there a built in function to do that or a good workaround for my goal? Currently I'm using Xymon Version: 4.3.28 Thanks for your help and tips. Best Regards Marvin