Re: https ssl test
From: Gerrit Kühn
Subject: Re: https ssl test
Date: Thu, 30 May 2024 09:17:06 +0200
On Wed, 29 May 2024 18:54:56 +0200,
Jan-Henrik Haukeland <hauk@tildeslash.com> wrote:
> You must also tell Monit to connect using the Fully Qualified Domain
> Name (FQDN) as the address. Using ‘localhost’ or an IP-address here,
> won’t do. When you enable ssl.verify it simply means that Monit will
> check that the name of the host (given in address) is the same as the
> SSL certificate's common name.
Good point. I had intended to start with something "very simple" before
moving over to create templated checks via orchestration tools, but this
was obviously "too simple".
> Ps. To see more debug output, start monit with the -Iv options.
I have added the correct dns names now:
---
check host nginx_conn with address removed-but-valid
if failed port 443 protocol https and certificate valid > 30 days
with ssl options { verify: enable }
---
However, looking into the debug output, I still get
---
Socket test failed for [10.xyz.abc.dec:443 -- SSL server certificate
verification error: unable to get local issuer certificate 'nginx_conn'
failed protocol test [HTTP] at [removed-but-valid]:443
[TCP/IP TLS] -- SSL server certificate verification error: unable to get
local issuer certificate
---
Any ideas what I am still missing?
cu
Gerrit
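
Added example (not part of the original message and not Monit's code): the "unable to get local issuer certificate" text in the debug output above is OpenSSL's chain-building error, a separate check from the host name comparison described in the quoted reply. The script builds a constructed throw-away PKI with the `openssl` CLI (all names and files are assumptions made for the demo) and triggers each failure on its own.

```bash
#!/usr/bin/env bash
# Constructed throw-away PKI (all names are made up for this example):
#   Demo Root CA -> Demo Intermediate CA -> leaf for host.example.test
demo_dir=$(mktemp -d)

new_csr() {  # $1 = file prefix, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.csr" 2>/dev/null
}

make_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$demo_dir/ca.ext"
  printf 'subjectAltName=DNS:host.example.test\n' > "$demo_dir/leaf.ext"
  # Self-signed root, intermediate signed by the root, leaf signed by the intermediate.
  new_csr root "Demo Root CA" &&
  new_csr int "Demo Intermediate CA" &&
  new_csr leaf "host.example.test" &&
  openssl x509 -req -days 30 -in "$demo_dir/root.csr" -signkey "$demo_dir/root.key" \
    -extfile "$demo_dir/ca.ext" -out "$demo_dir/root.pem" 2>/dev/null &&
  openssl x509 -req -days 30 -in "$demo_dir/int.csr" -CA "$demo_dir/root.pem" \
    -CAkey "$demo_dir/root.key" -CAcreateserial \
    -extfile "$demo_dir/ca.ext" -out "$demo_dir/int.pem" 2>/dev/null &&
  openssl x509 -req -days 30 -in "$demo_dir/leaf.csr" -CA "$demo_dir/int.pem" \
    -CAkey "$demo_dir/int.key" -CAcreateserial \
    -extfile "$demo_dir/leaf.ext" -out "$demo_dir/leaf.pem" 2>/dev/null
}

# Verify the leaf with only the demo root trusted. Extra arguments are passed
# to `openssl verify`. Prints OK, or the first error reason OpenSSL reports.
verify_leaf() {
  if _out=$(openssl verify -CAfile "$demo_dir/root.pem" "$@" "$demo_dir/leaf.pem" 2>&1); then
    echo OK
  else
    printf '%s\n' "$_out" |
      sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n1
  fi
}

make_demo_pki || { echo "openssl could not build the demo PKI" >&2; exit 1; }

# 1. The verifier knows the root but has no way to reach it from the leaf.
echo "root only:           $(verify_leaf)"
# 2. Same trust anchor, intermediate supplied: the chain can be built.
echo "root + intermediate: $(verify_leaf -untrusted "$demo_dir/int.pem")"
# 3. Chain is fine, but the name asked for is not in the certificate.
echo "wrong host name:     $(verify_leaf -untrusted "$demo_dir/int.pem" \
  -verify_hostname other.example.test)"
```

Case 1 reproduces the chain error; it occurs before the name is compared, so it looks the same whether or not the FQDN matches the certificate.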