How to debug "SSL error" on https test(s)?
list Kent Brodie
Hey everyone- So a recent web server I have configured is causing Xymon to get an "SSL Error". Even with DEBUG enabled in xymonnet, I don't see anything useful. All I see is, 32183 2019-04-23 15:14:54.869387 Calc http color host morn.rgd.mcw.edu : 32183 2019-04-23 15:14:54.869389 https://scge.mcw.edu/(red) 32183 2019-04-23 15:14:54.869391 --> red 32183 2019-04-23 15:14:54.869393 Adding to combo msg: status+30 morn,rgd,mcw,edu.http red Tue Apr 23 15:14:52 2019: SSL error In other words, even with debug enabled, all I see is "SSL error". When I connect to the site with any browser, there are no SSL or certificate issues. In fact, I have dozens of apache web sites all with certs. But this one is causing me fits and I don't know why. ANY help getting "more" debug info would be super appreciated! Thanks all --Kent
list Dave "doughnut" Fogarty
I was able to look at your cert with this: echo | openssl s_client -connect scge.mcw.edu:443 I got no errors. If you run this from the xymonnet host, do you see errors? I see you're using a cert from InCommon. Are your other tests from that same xymonnet server succeeding using InCommon certs? HTH, Dave
▸
On Wed, 24 Apr 2019, Brodie, Kent wrote:
Hey everyone— So a recent web server I have configured is causing Xymon to get an “SSL Error”. Even with DEBUG enabled in xymonnet, I don’t see anything useful. All I see is, 32183 2019-04-23 15:14:54.869387 Calc http color host morn.rgd.mcw.edu : 32183 2019-04-23 15:14:54.869389 https://scge.mcw.edu/(red) 32183 2019-04-23 15:14:54.869391 --> red 32183 2019-04-23 15:14:54.869393 Adding to combo msg: status+30 morn,rgd,mcw,edu.http red Tue Apr 23 15:14:52 2019: SSL error In other words, even with debug enabled, all I see is “SSL error”. When I connect to the site with any browser, there are no SSL or certificate issues. In fact, I have dozens of apache web sites all with certs. But this one is causing me fits and I don’t know why. ANY help getting “more” debug info would be super appreciated! Thanks all --Kent
list Kent Brodie
▸
I was able to look at your cert with this:
echo | openssl s_client -connect scge.mcw.edu:443
I got no errors. If you run this from the xymonnet host, do you see errors?
I see you're using a cert from InCommon. Are your other tests from that same xymonnet server succeeding using InCommon certs?
That command works great from the xymon host. We have DOZENS of incommon certs all over. They all work without issue. The CSR's are all generated with the same script, the certs all come from the same corporate-licensed source for Incommon.
My question remains.... is it possible to get more debugging from XYMONNET....??? Hoping to heck that can somehow TELL me what the "SSL Error" is..?
list John Thurston
▸
On 4/24/2019 9:20 AM, Brodie, Kent wrote:
So a recent web server I have configured is causing Xymon to get an “SSL Error”. Even with DEBUG enabled in xymonnet, I don’t see anything useful.
I'd be trying to do with with
xymoncmd xymonnet --no-update --debug hostname
Then I can play with the various --ssl options to see if they made any
difference.
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska
list Kent Brodie
▸
I'd be trying to do with with xymoncmd xymonnet --no-update --debug hostname
Then I can play with the various --ssl options to see if they made any difference.
And now it's green. **And I've changed nothing**
I am writing this off to "solar flares".
That said, thank you for the info, THAT gave me useful debugging. I will file that for future use.