remove sslcert test (included with the https test)
list Dennis Ortsen
Hi All, I'm setting up Hobbit for the first time (v4.2.0) At the moment we're using Big Sister, but we're looking for something with better performance and ease of use. I have set up some tests on several hosts. One of the checks I'm using is the https check. That all works well, a green smiley is displayed. The neat thing with the https check is that it also checks the expirydate of your SSL certificate (sslcert test). Here's what I'm looking for: I want to remove the sslcert test for a certain number of hosts. We use a traffic manager that holds all the real SSL certificates, we're using a self signed, expired certificate on the hosts in question. Hobbit warns me with a red sslcert status that the certificate has expired. I know I can disable the the test (turns the smiley into a blue one), but that's not what I want. I have als tried to drop the sslcert test (server/bin/bb localhost "drop hostname sslcert") and add the NOCOLUMNS:sslcert tag for the host in question in the bb-hosts file. The NOCOLUMNS tag works for other statusses (white) but when a status is red, I can't seem to remove the sslcert test. It keeps coming back in a short while after I dropped the test with the bb command. Have I overseen something here? Thanks, Dennis
list Johann Eggers
▸
-----Original Message----- From: Dennis Ortsen [mailto:user-8b22a8e3a886@xymon.invalid] Sent: Mittwoch, 21. März 2007 11:42 To: user-ae9b8668bcde@xymon.invalid Subject: [hobbit] remove sslcert test (included with the https test) Hi All, I'm setting up Hobbit for the first time (v4.2.0) At the moment we're using Big Sister, but we're looking for something with better performance and ease of use. I have set up some tests on several hosts. One of the checks I'm using is the https check. That all works well, a green smiley is displayed. The neat thing with the https check is that it also checks the expirydate of your SSL certificate (sslcert test). Here's what I'm looking for: I want to remove the sslcert test for a certain number of hosts. We use a traffic manager that holds all the real SSL certificates, we're using a self signed, expired certificate on the hosts in question. Hobbit warns me with a red sslcert status that the certificate has expired. I know I can disable the the test (turns the smiley into a blue one), but that's not what I want. I have als tried to drop the sslcert test (server/bin/bb localhost "drop hostname sslcert") and add the NOCOLUMNS:sslcert tag for the host in question in the bb-hosts file. The NOCOLUMNS tag works for other statusses (white) but when a status is red, I can't seem to remove the sslcert test. It keeps coming back in a short while after I dropped the test with the bb command. Have I overseen something here? Thanks, Dennis
Insert the nosslcert tag to your hosts in bb-hosts
nosslcert
Disables the standard check of any SSL certificates for this host. By default, if an SSL-enabled service is tested, a second test result is generated with information about the SSL certificate - this tag disables the SSL certificate checks for the host.
-Johann
list Dennis Ortsen
▸
On 3/21/07, Johann Eggers <user-769b09132207@xymon.invalid> wrote:
-----Original Message----- From: Dennis Ortsen [mailto:user-8b22a8e3a886@xymon.invalid] Sent: Mittwoch, 21. März 2007 11:42 To: user-ae9b8668bcde@xymon.invalid Subject: [hobbit] remove sslcert test (included with the https test) Hi All, I'm setting up Hobbit for the first time (v4.2.0) At the moment we're using Big Sister, but we're looking for something with better performance and ease of use. I have set up some tests on several hosts. One of the checks I'm using is the https check. That all works well, a green smiley is displayed. The neat thing with the https check is that it also checks the expirydate of your SSL certificate (sslcert test). Here's what I'm looking for: I want to remove the sslcert test for a certain number of hosts. We use a traffic manager that holds all the real SSL certificates, we're using a self signed, expired certificate on the hosts in question. Hobbit warns me with a red sslcert status that the certificate has expired. I know I can disable the the test (turns the smiley into a blue one), but that's not what I want. I have als tried to drop the sslcert test (server/bin/bb localhost "drop hostname sslcert") and add the NOCOLUMNS:sslcert tag for the host in question in the bb-hosts file. The NOCOLUMNS tag works for other statusses (white) but when a status is red, I can't seem to remove the sslcert test. It keeps coming back in a short while after I dropped the test with the bb command. Have I overseen something here? Thanks, DennisInsert the nosslcert tag to your hosts in bb-hosts nosslcert Disables the standard check of any SSL certificates for this host. By default, if an SSL-enabled service is tested, a second test result is generated with information about the SSL certificate - this tag disables the SSL certificate checks for the host. -Johann
Is there a particular order in which the https://host.domain.tld and nosslcert tag need to be placed in bb-hosts? Or do I need to drop the sslcert tests first with the bb command?
list Johann Eggers
▸
Insert the nosslcert tag to your hosts in bb-hosts nosslcert Disables the standard check of any SSL certificates for this host. By default, if an SSL-enabled service is tested, a second test result is generated with information about the SSL certificate - this tag disables the SSL certificate checks for the host. -JohannIs there a particular order in which the https://host.domain.tld and nosslcert tag need to be placed in bb-hosts? Or do I need to drop the sslcert tests first with the bb command?
No, I don't think that there is a particular order ...
list Henrik Størner
▸
On Wed, Mar 21, 2007 at 12:24:46PM +0100, Dennis Ortsen wrote:
Insert the nosslcert tag to your hosts in bb-hostsIs there a particular order in which the https://host.domain.tld and nosslcert tag need to be placed in bb-hosts? Or do I need to drop the sslcert tests first with the bb command?
No, but you should do it like this: 1) Add the "nosslcert" tag in bb-hosts 2) Wait until any running bbtest-net programs have finished (or just wait 5 minutes) 3) Drop the sslcert column with 'bb 127.0.0.1 "drop HOSTNAME sslcert"' Regards, Henrik