monit-general
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Setting up SSL


From: Jon Evans
Subject: Setting up SSL
Date: Fri, 21 May 2004 12:52:48 +0100

Hi,

I want my Monit server to be open to the whole company (so service checks can be carried out wherever I happen to be) but also secured by password, and also SSL so the password cannot be sniffed.

I've followed the instructions for creating a certificate file, both from here:
http://www.eclectica.ca/howto/ssl-cert-howto.php
- which walks you through setting up your own CA to sign the new certificate with, and here:
http://sial.org/howto/openssl/self-signed/
which just creates a self-signed certificate.

That last one you might have to get via the google cache, search for openssl create self signed certificate and it's the top result.

Both techniques end up by doing this:

cat host.cert host.key > host.pem

to create a file that contains both the key and the certificate.

monit -I -v starts up OK, but when I browse to it it spits out this error:

monit: check_preverify(): SSL connection rejected because certificate verification has failed -- Error 20 monit: embed_accepted_ssl_socket(): Openssl engine error: error:140890B2:SSL routines:func(137):reason(178)

a brief google search tells me that func(137) is ENGINE_R_INVALID_CMD_NAME and reason(178) is ENGINE_F_ENGINE_CTRL_CMD but apart from that I'm out of my depth.

My test config file starts with:
set httpd port 2812
        ssl enable
        pemfile /home/evansj/cert/monit.pem
        allow admin:monit

and I'm using monit 4.3.

Any ideas?

I also have a feature request: it would be useful if there was a command line flag to tell monit to NOT do service stops / starts / restarts, so config files can be tested. I can't run my fully featured config file as an unprivileged user because of the ICMP checks.

Thanks again,

Jon





reply via email to

[Prev in Thread] Current Thread [Next in Thread]