SSL problems with xymon
list Leif Sommerdal
Recently I got an error with a perfectly valid certificate in xymon. Xymon reports red Fri Nov 22 09:50:20 2019: SSL error red https://www.su.dk/ - SSL error Seconds: 0.261158000 Trying to access the site using firefox from Xymon server doesn?t report any error: [cid:image001.png at 01D5A11B.2B073820] Testing the certificate using openssl doesn't look right: echo| openssl s_client -connect www.su.dk:443<http://www.su.dk:443>; CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 289 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1574412455 Timeout : 300 (sec) Verify return code: 0 (ok) Testing other sites using the same method works fine for other sites. What can I do to solve this problem? How do I proceed? If I'm missing some information - pease let med know. Med venlig hilsen/Kind Regards Leif Sommerdal
Attachments (1)
attachment.pnglist Jeremy
Hi Leif, I recently has the same problem and the solution was to put sni on for that host. I couldn't get it to work in hosts.cfg, don't know what I was doing wrong, so I added --sni=on to the CMD for xymonnet in tasks.cfg. Regards Jeremy
▸
------ Original Message ------
From: "Leif Sommerdal" <user-64ddd00a1ec2@xymon.invalid>
To: "xymon at xymon.com" <xymon at xymon.com>
Sent: 22/11/2019 09:14:22
Subject: [Xymon] SSL problems with xymon
Recently I got an error with a perfectly valid certificate in xymon. Xymon reports red Fri Nov 22 09:50:20 2019: SSL error red https://www.su.dk/ - SSL error Seconds: 0.261158000 Trying to access the site using firefox from Xymon server doesn?t report any error: Testing the certificate using openssl doesn't look right:
echo| openssl s_client -connect www.su.dk:443 <http://www.su.dk:443>;
▸
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1574412455
Timeout : 300 (sec)
Verify return code: 0 (ok)
Testing other sites using the same method works fine for other sites.
What can I do to solve this problem? How do I proceed?
If I'm missing some information - pease let med know.
Med venlig hilsen/Kind Regards
Leif Sommerdal
list Leif Sommerdal
Hi Jeremy Thanks a lot ? Its working again. Regards Leif
▸
Fra: Jeremy <user-6d8e227afca3@xymon.invalid> Sendt: 22. november 2019 10:48 Til: Leif Sommerdal <user-64ddd00a1ec2@xymon.invalid>; xymon at xymon.com Emne: Re: [Xymon] SSL problems with xymon Hi Leif, I recently has the same problem and the solution was to put sni on for that host. I couldn't get it to work in hosts.cfg, don't know what I was doing wrong, so I added --sni=on to the CMD for xymonnet in tasks.cfg. Regards Jeremy ------ Original Message ------ From: "Leif Sommerdal" <user-64ddd00a1ec2@xymon.invalid<mailto:user-64ddd00a1ec2@xymon.invalid>> To: "xymon at xymon.com<mailto:xymon at xymon.com>" <xymon at xymon.com<mailto:xymon at xymon.com>> Sent: 22/11/2019 09:14:22 Subject: [Xymon] SSL problems with xymon Recently I got an error with a perfectly valid certificate in xymon. Xymon reports red Fri Nov 22 09:50:20 2019: SSL error red https://www.su.dk/ - SSL error Seconds: 0.261158000 Trying to access the site using firefox from Xymon server doesn?t report any error:
[cid:user-bfddb3ed193a@xymon.invalid366930]
▸
Testing the certificate using openssl doesn't look right: echo| openssl s_client -connect www.su.dk:443<http://www.su.dk:443>; CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 289 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1574412455 Timeout : 300 (sec) Verify return code: 0 (ok) Testing other sites using the same method works fine for other sites. What can I do to solve this problem? How do I proceed? If I'm missing some information - pease let med know. Med venlig hilsen/Kind Regards Leif Sommerdal