monit-general
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug since upgrade and documentation

From: Guillaume François
Subject: Re: Bug since upgrade and documentation
Date: Mon, 20 Jul 2020 16:33:48 +0200
To add some detail, we tried on another host OS (Ubuntu 20.04) while the problematic one is CentOS , and it was working fine

Same binary but another OpenSSL stack probably.
-------------------------------------
This is Monit version 5.27.0
Built with ssl, with ipv6, with compression, with pam and with large files
Copyright (C) 2001-2020 Tildeslash Ltd. All Rights Reserved.
-------------------------------------

--------------------------------------
Remote Host '*******'
  status                       OK
  monitoring status            Monitored
  monitoring mode              active
  on reboot                    start
  port response time           114.394 ms to *******:443 type TCP/IP using TLS (certificate valid for 104 days) protocol HTTP
  data collected               Mon, 20 Jul 2020 16:30:06
-----------------------------------------

Best regards.

Le lun. 20 juil. 2020 à 16:26, Guillaume François <guillaume.francois55@gmail.com> a écrit :
Hello,

Since we have upgraded from Monit 5.20.0 to 5.27.0 with have an issue with certificate verification.

It seems broken as it cannot maanged to retrieve the certificate expiration and it warn about a self signed certificate when it is not the case.

We are using the linux-x64 binary version from the website.

We have two rules:
------------------------------------------
if failed port 443 protocol https with ssl options {verify: enable} and certificate valid > 10 days for 5 cycles then alert
if failed port 443 protocol https request "/" with content ="xxxxxxx" for 5 cycles then alert
-------------------------------------------

We tried to change the part "with ssl options {verify: enable}" to "with ssl options {selfsigned: allow}" without any success.

Also regarding the documentation enhancement, we had to put the part "with ssl options {selfsigned: allow}" after the part 'request "/" with content ="xxxxxxx"' else Monit configuration syntax was failing. It would be good to provide a sample in documentation.

In the global configuration file, the ssl setting was set to

set ssl {
     verify     : enable,
}

We tried to add the new parameter "version" but it doesn't solved the issue.

set ssl {
     version: auto,
     verify     : enable,
}

Could anyone provide some guidance for this case ?

Best Regards.


--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT d(+) s++:- a C++$ ULC(+)>+++$ !P--- L+>$ !E---? W+++$ !N* !o-- K--? w(+) !O---? !M- !V--? PS+? !PE Y+ PGP++>+++ !t-- !5 !X- R(+)>++* tv-? b(-) DI !D- G(+)>+ e+++ h--() r->$ y?*
------END GEEK CODE BLOCK------
reply via email to
[Prev in Thread] Current Thread [Next in Thread]