[Nagiosplug-devel] [ nagiosplug-Bugs-1402262 ] check_http SSL doesn't work for Tomcat servers

SourceForge.net noreply at sourceforge.net
Wed Mar 1 04:01:01 CET 2006


Bugs item #1402262, was opened at 2006-01-11 00:01
Message generated for change (Comment added) made by at-one
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1402262&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: Release (specify)
Status: Open
Resolution: None
Priority: 5
Submitted By: richard (rag777)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http SSL doesn't work for Tomcat servers

Initial Comment:
check_http fails with CRITICAL - Cannot retrieve server
certificate for checks against Tomcat servers.

This is from release 1.4.2 and tested against Tomcat
4.x and 5.x servers. It is completely reproducable.


This example works:
check_http --ssl www.verisign.com

HTTP OK HTTP/1.1 200 OK - 30606 bytes in 1.754 seconds
|time=1.754026s;;;0.000000 size=30606B;;;0


This example fails:
check_http --ssl www.icpkp.com

CRITICAL - Cannot retrieve server certificate.


I have tried this against a bunch of Tomcat sites and
always get the same result. I also get it when trying
against a self-signed certificate.

The browsers access the certificate fine, and don't
report any problems.

Any help would be greatly appreciated!


----------------------------------------------------------------------

Comment By: David Kelly (at-one)
Date: 2006-03-01 11:59

Message:
Logged In: YES 
user_id=1275092

I can't comment on Tomcat servers but it seems this error
also applies to site certificates using the AES cipher:

insight2:/s2s/apps/nagios-plugins# ./check_http --ssl
www.verisign.com
HTTP OK HTTP/1.1 200 OK - 31062 bytes in 1.206 seconds
|time=1.205539s;;;0.000000 size=31062B;;;0

insight2:/s2s/apps/nagios-plugins# ./check_http --ssl
www.e-paycobalt.com
CRITICAL - Cannot retrieve server certificate.

e-paycobalt.com is just one of many of our customer sites
using the aes encrypted certificates that I have tested this
on. All fail with the same error.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1402262&group_id=29880




More information about the Devel mailing list