SSL/HTTPS enabling on existing Xymon Server
list Raja Shekar
Hello Xymon Team, I would like to enable SSL on XYMON Server to support https requests. As I am seeing connection time out errors for HTTPS URL's. Our configuration supports HTTP perfectly fine and for your information it is in production and live, so we don't want to do reinstall of Xymon servers. Rather than is there any configuration changes we can make on existing configs and do the server restart?? Xymon Version we are using Xymon version 4.3.7 I just installed Openssl OpenSSL 1.0.1e-fips 11 Feb 2013 Please let me know if any concerns. Thanks and Regards Raja Shekar
list Jeremy Laidman
Raja
▸
On Thu, Jun 23, 2016 at 4:10 PM Raja Shekar <user-2aa5869f743a@xymon.invalid> wrote:
Hello Xymon Team, I would like to enable SSL on XYMON Server to support https requests. As I am seeing connection time out errors for HTTPS URL's. Our configuration supports HTTP perfectly fine and for your information it is in production and live, so we don't want to do reinstall of Xymon servers. Rather than is there any configuration changes we can make on existing configs and do the server restart?? Xymon Version we are using Xymon version 4.3.7 I just installed Openssl OpenSSL 1.0.1e-fips 11 Feb 2013 Please let me know if any concerns.
Just to be clear, are you asking about enabling HTTPS connections to the webserver that is used to present the Xymon pages? Or enabling monitoring probes of other servers that run HTTPS services? All assume you mean the latter. How did you install Xymon? Did you install from a package, or compile from source code? If the latter, then you probably need to re-compile Xymon so that it can include support for OpenSSL. Also, if you installed OpenSSL from a package, make sure you have the "openssl-devel" package installed as that is required for other programs to link against the OpenSSL libraries at compile time. I think the only binary that uses OpenSSL is xymonet, so you might be able to get away with only replacing this binary. J
list Raja Shekar
Hello Jeremy, Thank you for getting back on this. I am trying to enable monitoring probes of other servers that runs on HTTPS Services to do the health checks. I didn't install the xymon in the existing environment, Looks like who ever did they didn't include Openssl-Devel package. I dont wannt to recompile/reinstall the existing Xymon as we already in production. It would be helpful if I can make any config changes to achieve the HTTPS functionality. Hope this explains my problem. Please feel free to reach me if any concerns. Once again I really appreciate your efforts on responding to the issue. Looking forward to here from you. Thanks and Regards Raja Shekar On Wed, Aug 3, 2016 at 9:04 PM, Jeremy Laidman <user-71895fb2e44c@xymon.invalid>
▸
wrote:
Raja On Thu, Jun 23, 2016 at 4:10 PM Raja Shekar <user-2aa5869f743a@xymon.invalid> wrote:Hello Xymon Team, I would like to enable SSL on XYMON Server to support https requests. As I am seeing connection time out errors for HTTPS URL's. Our configuration supports HTTP perfectly fine and for your information it is in production and live, so we don't want to do reinstall of Xymon servers. Rather than is there any configuration changes we can make on existing configs and do the server restart?? Xymon Version we are using Xymon version 4.3.7 I just installed Openssl OpenSSL 1.0.1e-fips 11 Feb 2013 Please let me know if any concerns.Just to be clear, are you asking about enabling HTTPS connections to the webserver that is used to present the Xymon pages? Or enabling monitoring probes of other servers that run HTTPS services? All assume you mean the latter. How did you install Xymon? Did you install from a package, or compile from source code? If the latter, then you probably need to re-compile Xymon so that it can include support for OpenSSL. Also, if you installed OpenSSL from a package, make sure you have the "openssl-devel" package installed as that is required for other programs to link against the OpenSSL libraries at compile time. I think the only binary that uses OpenSSL is xymonet, so you might be able to get away with only replacing this binary. J
--
Raja Shekar
list Jeremy Laidman
▸
On Fri, 5 Aug 2016, 23:59 Raja Shekar <user-2aa5869f743a@xymon.invalid> wrote:
Hello Jeremy, Thank you for getting back on this. I am trying to enable monitoring probes of other servers that runs on HTTPS Services to do the health checks. I didn't install the xymon in the existing environment, Looks like who ever did they didn't include Openssl-Devel package. I dont wannt to recompile/reinstall the existing Xymon as we already in production. It would be helpful if I can make any config changes to achieve the HTTPS functionality. Hope this explains my problem.
You can't fix this with a configuration change. If xymonnet was not compiled with support for an ssl library then it will never be able to test ssl connections. Just to be sure this is your problem, run "ldd xymonnet" and see if the output includes the openssl libraries. (I think libcrypto and libssl, from memory) Note that you can install and run xymonnet on a different server and have it report to the main xymon server. You can have multiple xymonnet instances running on the same or different servers. It's very flexible like that. J
list Phil Crooker
You can't test for https just with config changes, it must be enabled in the compiled binaries. Jeremy was saying this only involves the xymonnet binary. You can compile xymon with openssl enabled, then just manually copy the xymonnet file into $XYMONHOME/bin. You'll want to make a copy of the old xymonnet file before doing this as a backup. Probably you'll also need to match your existing environment (path for XYMONHOME, etc as per the xymon configuration script) - safer that way. Another way would be to write an ext script that calls external programs to do the testing - a lot more work but could be done.
▸
From: Xymon <xymon-bounces at xymon.com> on behalf of Raja Shekar <user-2aa5869f743a@xymon.invalid>
Sent: Friday, 5 August 2016 11:29 PM
To: Jeremy Laidman
Cc: xymon at xymon.com
Subject: Re: [Xymon] SSL/HTTPS enabling on existing Xymon Server
Hello Jeremy,
Thank you for getting back on this. I am trying to enable monitoring probes of other servers that runs on HTTPS Services to do the health checks. I didn't install the xymon in the existing environment, Looks like who ever did they didn't include Openssl-Devel package. I dont wannt to recompile/reinstall the existing Xymon as we already in production. It would be helpful if I can make any config changes to achieve the HTTPS functionality. Hope this explains my problem.
Please feel free to reach me if any concerns. Once again I really appreciate your efforts on responding to the issue. Looking forward to here from you.
Thanks and Regards
Raja Shekar
On Wed, Aug 3, 2016 at 9:04 PM, Jeremy Laidman <user-71895fb2e44c@xymon.invalid<mailto:user-71895fb2e44c@xymon.invalid>> wrote:
Raja
On Thu, Jun 23, 2016 at 4:10 PM Raja Shekar <user-2aa5869f743a@xymon.invalid<mailto:user-2aa5869f743a@xymon.invalid>> wrote:
Hello Xymon Team,
I would like to enable SSL on XYMON Server to support https requests. As I am seeing connection time out errors for HTTPS URL's.
Our configuration supports HTTP perfectly fine and for your information it is in production and live, so we don't want to do reinstall of Xymon servers. Rather than is there any configuration changes we can make on existing configs and do the server restart??
Xymon Version we are using
Xymon version 4.3.7
I just installed Openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
Please let me know if any concerns.
Just to be clear, are you asking about enabling HTTPS connections to the webserver that is used to present the Xymon pages? Or enabling monitoring probes of other servers that run HTTPS services? All assume you mean the latter.
How did you install Xymon? Did you install from a package, or compile from source code? If the latter, then you probably need to re-compile Xymon so that it can include support for OpenSSL. Also, if you installed OpenSSL from a package, make sure you have the "openssl-devel" package installed as that is required for other programs to link against the OpenSSL libraries at compile time.
I think the only binary that uses OpenSSL is xymonet, so you might be able to get away with only replacing this binary.
J
--
Raja Shekar
list Ryan Novosielski
Compiling a new one is no big deal. You're probably out of date anyway, right? Just keep a backup. Sent from my iPhone
▸
On Aug 6, 2016, at 02:33, Raja Shekar <user-2aa5869f743a@xymon.invalid<mailto:user-2aa5869f743a@xymon.invalid>> wrote:
Hello Jeremy,
Thank you for getting back on this. I am trying to enable monitoring probes of other servers that runs on HTTPS Services to do the health checks. I didn't install the xymon in the existing environment, Looks like who ever did they didn't include Openssl-Devel package. I dont wannt to recompile/reinstall the existing Xymon as we already in production. It would be helpful if I can make any config changes to achieve the HTTPS functionality. Hope this explains my problem.
Please feel free to reach me if any concerns. Once again I really appreciate your efforts on responding to the issue. Looking forward to here from you.
Thanks and Regards
Raja Shekar
On Wed, Aug 3, 2016 at 9:04 PM, Jeremy Laidman <user-71895fb2e44c@xymon.invalid<mailto:user-71895fb2e44c@xymon.invalid>> wrote:
Raja
On Thu, Jun 23, 2016 at 4:10 PM Raja Shekar <user-2aa5869f743a@xymon.invalid<mailto:user-2aa5869f743a@xymon.invalid>> wrote:
Hello Xymon Team,
I would like to enable SSL on XYMON Server to support https requests. As I am seeing connection time out errors for HTTPS URL's.
Our configuration supports HTTP perfectly fine and for your information it is in production and live, so we don't want to do reinstall of Xymon servers. Rather than is there any configuration changes we can make on existing configs and do the server restart??
Xymon Version we are using
Xymon version 4.3.7
I just installed Openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
Please let me know if any concerns.
Just to be clear, are you asking about enabling HTTPS connections to the webserver that is used to present the Xymon pages? Or enabling monitoring probes of other servers that run HTTPS services? All assume you mean the latter.
How did you install Xymon? Did you install from a package, or compile from source code? If the latter, then you probably need to re-compile Xymon so that it can include support for OpenSSL. Also, if you installed OpenSSL from a package, make sure you have the "openssl-devel" package installed as that is required for other programs to link against the OpenSSL libraries at compile time.
I think the only binary that uses OpenSSL is xymonet, so you might be able to get away with only replacing this binary.
J
--
Raja Shekar
list Jeremy Laidman
▸
On 8 August 2016 at 09:56, Phil Crooker <user-e8e31cd73303@xymon.invalid> wrote:
You'll want to make a copy of the old xymonnet file before doing this as a backup. Probably you'll also need to match your existing environment (path for XYMONHOME, etc as per the xymon configuration script) - safer that way.
Or rename the newly compiled xymonnet (eg as xymonnetssl) and place it next
to the old binary; then just change the CMD in the [xymonnet] section of
tasks.cfg to refer to the new binary. That way, easy to switch back.
Cheers
Jeremy