sslcert
list Frank Torontour
Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX
list Sebastian Auriol
Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg. Kind regards, SebA
▸
On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid> wrote:
Hi,
This is for the sslcert service:
I have xymon monitoring a web site where the certificate has been
changed twice over
the past 2 years. And it is currently up to date. What xymon is showing
for the dates
of the certificate are wrong. Is there a way to fix this so it shows the
correct certificate
and not an old one?
start date: 2014-12-02 19:29:50 GMT
expire date:2015-04-01 19:29:50 GMT
Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013
days ago
Server certificate:
subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/
CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid
start date: 2014-12-02 19:29:50 GMT
expire date:2015-04-01 19:29:50 GMT
key size:1024
issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/
CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid
▸
signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadm cronomagic.com/gemstelecom.com
e-mail user-fbc5ef527f6f@xymon.invalid
POWERED BY LINUX
list Josh Luthman
My Windows machine + Chrome believes that certificate is good until 2019... https://i.imgur.com/JiSHntT.png Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St Suite XXXX Troy, OH XXXXX
▸
On Tue, Jan 9, 2018 at 11:19 AM, SebA <user-4631430d620a@xymon.invalid> wrote:
Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page
here: http://xymon.sourceforge.net/xymon/help/manpages/man5/ hosts.cfg.5.html But, the short answer is you can probably just add the
▸
sni tag to your host in hosts.cfg. Kind regards, SebA On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid> wrote:Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago Server certificate:
subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN= serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1. thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid
▸
signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX
list Sebastian Auriol
Your Windows machine + Chrome is using SNI. On 9 January 2018 at 16:25, Josh Luthman <user-4c45a83f15cb@xymon.invalid>
▸
wrote:
My Windows machine + Chrome believes that certificate is good until 2019... https://i.imgur.com/JiSHntT.png Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St
<https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>; Suite XXXX <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>; Troy, OH XXXXX <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>;
▸
On Tue, Jan 9, 2018 at 11:19 AM, SebA <user-4631430d620a@xymon.invalid> wrote:Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page
here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts. cfg.5.html But, the short answer is you can probably just add the sni
▸
tag to your host in hosts.cfg. Kind regards, SebA On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid> wrote:Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago Server certificate:
subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1 .thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid
▸
start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1. thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX
list Frank Torontour
I tried this an no go. Not sure if I am doing this correctly as the hosts.cfg file is not clear: https://www.thesweetbasket.com/en/;sni; sni;https://www.thesweetbasket.com/en/ On 1/9/18 11:19, SebA wrote:
Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com <http://www.thesweetbasket.com>; resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg.
▸
Kind regards, SebA On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid <mailto:user-fbc5ef527f6f@xymon.invalid>> wrote: Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ <https://www.thesweetbasket.com/en/>; expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) --
sysadmcronomagic.com/gemstelecom.com <http://cronomagic.com/gemstelecom.com>; user-3a42a2ba864a@xymon.invalid <mailto:user-fbc5ef527f6f@xymon.invalid> POWERED BY LINUX <
-- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX
list Sebastian Auriol
It's a separate tag - you need a space between sni and the URL.
▸
On 9 January 2018 at 16:44, Frank <user-fbc5ef527f6f@xymon.invalid> wrote:
I tried this an no go. Not sure if I am doing this correctly as the hosts.cfg file is not clear: https://www.thesweetbasket.com/en/;sni; sni;https://www.thesweetbasket.com/en/ On 1/9/18 11:19, SebA wrote: Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/ hosts.cfg.5.html But, the short answer is you can probably just add the sni tag to your host in hosts.cfg. Kind regards, SebA On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid> wrote:Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN= serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1. thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX-- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX
list Frank Torontour
After trial and error: This is what worked: https://www.thesweetbasket.com/en/ sni
▸
On 1/9/18 11:41, SebA wrote:Your Windows machine + Chrome is using SNI.
On 9 January 2018 at 16:25, Josh Luthman <user-4c45a83f15cb@xymon.invalid
<mailto:user-4c45a83f15cb@xymon.invalid>> wrote:
My Windows machine + Chrome believes that certificate is good
until 2019...
https://i.imgur.com/JiSHntT.png <https://i.imgur.com/JiSHntT.png>;
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
<https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>;
Suite XXXX
<https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>;
Troy, OH XXXXX
<https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>;
On Tue, Jan 9, 2018 at 11:19 AM, SebA <user-4631430d620a@xymon.invalid
<mailto:user-4631430d620a@xymon.invalid>> wrote:
Hi Frank,
Xymon has picked up the certificate that is on
https://66.159.47.82/ the IP address that
www.thesweetbasket.com <http://www.thesweetbasket.com>;
resolves to. That certificate has indeed expired. However,
to get Xymon to test the certificate you are actually using,
you need to enable sni. Search for sni in the man page here:
http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html
<http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html>;
But, the short answer is you can probably just add the sni tag
to your host in hosts.cfg.
Kind regards, SebA
On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid
<mailto:user-fbc5ef527f6f@xymon.invalid>> wrote:
Hi,
This is for the sslcert service:
I have xymon monitoring a web site where the
certificate has been changed twice over
the past 2 years. And it is currently up to date. What
xymon is showing for the dates
of the certificate are wrong. Is there a way to fix this
so it shows the correct certificate
and not an old one?
start date: 2014-12-02 19:29:50 GMT
expire date:2015-04-01 19:29:50 GMT
Tue Jan 9 10:58:46 2018
red SSL certificate for https://www.thesweetbasket.com/en/
<https://www.thesweetbasket.com/en/>; expired 1013 days ago
Server certificate:
subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid
start date: 2014-12-02 19:29:50 GMT
expire date:2015-04-01 19:29:50 GMT
key size:1024
issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid
signature algorithm: sha256WithRSAEncryption
Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
--
sysadmcronomagic.com/gemstelecom.com <http://cronomagic.com/gemstelecom.com>;
user-3a42a2ba864a@xymon.invalid <mailto:user-fbc5ef527f6f@xymon.invalid>
POWERED BY LINUX
<
<
-- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX
list Frank Torontour
I was able to configure the rest of the sites I wanted, and all is working properly. Thank you!.
▸
On 1/9/18 11:49, Frank wrote:After trial and error: This is what worked: https://www.thesweetbasket.com/en/ sni On 1/9/18 11:41, SebA wrote:Your Windows machine + Chrome is using SNI. On 9 January 2018 at 16:25, Josh Luthman <user-4c45a83f15cb@xymon.invalid <mailto:user-4c45a83f15cb@xymon.invalid>> wrote: My Windows machine + Chrome believes that certificate is good until 2019... https://i.imgur.com/JiSHntT.png <https://i.imgur.com/JiSHntT.png>; Josh Luthman Office: XXX-XXX-XXXX Direct: XXX-XXX-XXXX XXXX Wayne St <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>; Suite XXXX <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>; Troy, OH XXXXX <https://maps.google.com/?q=1100+Wayne+St+Suite+1337+Troy,+OH+45373&entry=gmail&source=g>; On Tue, Jan 9, 2018 at 11:19 AM, SebA <user-4631430d620a@xymon.invalid <mailto:user-4631430d620a@xymon.invalid>> wrote: Hi Frank, Xymon has picked up the certificate that is on https://66.159.47.82/ the IP address that www.thesweetbasket.com <http://www.thesweetbasket.com>; resolves to. That certificate has indeed expired. However, to get Xymon to test the certificate you are actually using, you need to enable sni. Search for sni in the man page here: http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html <http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html>; But, the short answer is you can probably just add the sni tag to your host in hosts.cfg. Kind regards, SebA On 9 January 2018 at 16:06, Frank <user-fbc5ef527f6f@xymon.invalid <mailto:user-fbc5ef527f6f@xymon.invalid>> wrote: Hi, This is for the sslcert service: I have xymon monitoring a web site where the certificate has been changed twice over the past 2 years. And it is currently up to date. What xymon is showing for the dates of the certificate are wrong. Is there a way to fix this so it shows the correct certificate and not an old one? start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT Tue Jan 9 10:58:46 2018 red SSL certificate for https://www.thesweetbasket.com/en/ <https://www.thesweetbasket.com/en/>; expired 1013 days ago Server certificate: subject:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid start date: 2014-12-02 19:29:50 GMT expire date:2015-04-01 19:29:50 GMT key size:1024 issuer:/C=CA/ST=Que/L=Montreal/O=Cronomagic/OU=Web/CN=serv1.thesweetbasket.com/emailAddress=user-9f8ee8e74035@xymon.invalid signature algorithm: sha256WithRSAEncryption Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits) -- sysadmcronomagic.com/gemstelecom.com <http://cronomagic.com/gemstelecom.com>; user-3a42a2ba864a@xymon.invalid <mailto:user-fbc5ef527f6f@xymon.invalid> POWERED BY LINUX < <-- sysadm cronomagic.com/gemstelecom.com
user-3a42a2ba864a@xymon.invalid
POWERED BY LINUX
-- sysadm cronomagic.com/gemstelecom.com e-mail user-fbc5ef527f6f@xymon.invalid POWERED BY LINUX