check_http not working properly with SSL option when only TLS is supported

13 posts / 0 new
Last post
wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
check_http not working properly with SSL option when only TLS is supported

Hello,

I am trying to use check_http for SSL web servers. It works for web servers that support at least still SSLv3 but fails on servers that do no longer support SSLv2 and SSLv3 and only TLSv1 and newer.

Can you please update Nagwin to support such web servers? Thanks!

Kai-Uwe Rommel

 

itefix
Offline
Last seen: 6 hours 29 min ago
Joined: 01.05.2008 - 21:33
check_http we provide is a

check_http we provide is a plain distribution from  Nagios plugins. Can you give us working and non-working examples ? It may be related to the OpenSSL version.

wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
D:\Nagios\plugins>check_http

D:\Nagios\plugins>check_http -H isaak.ars.de -p 38443 -u /webconsole/login -S
HTTP OK: HTTP/1.1 200 OK - 26127 bytes in 0.332 second response time |time=0.331901s;;;0.0

D:\Nagios\plugins>check_http -H www.ars.de -p 443 -u /web -S
CRITICAL - Cannot make SSL connection
HTTP CRITICAL - Error on receive

The first host is an internal server here and it supports SSLv3 and TLS up to 1.2 and uses a self certified certificate.

The second host is our official web server and only supports TLS 1.0 and TLS 1.2 and has a certificate issued by COMMODO.

The same error happens with check_tcp as well.

D:\Nagios\plugins>check_http --version
check_http v1.4.15 (nagios-plugins 1.4.15)

Perhaps you need to switch to current plugins for your distribution? On http://nagios-plugins.org/ it says 2.0.3 is current ...

The 1.4.15 does also not accept an argument to --ssl that newer version do support to select the protocol level.

 

 

itefix
Offline
Last seen: 6 hours 29 min ago
Joined: 01.05.2008 - 21:33
Latest available Nagwin

Latest available Nagwin (2.4.0) has v2.0.2 of the supported Nagios Plugins. Consider to upgrade.

wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
Thanks for pointing out the

Thanks for pointing out the possible upgrade.

Unfortunately, I cannot download the file. Somehow the file area is broken. I see the file and that I still can download it, but there is no download button or link ... or did my subscription run out and I have to renew? It says "Purchased 20/02/2014".

itefix
Offline
Last seen: 6 hours 29 min ago
Joined: 01.05.2008 - 21:33
It seems that your free

It seems that your free support and upgrade protection period ended on 02.02.2015. Please consider to renew. 

wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
How do I renew - simply buy

How do I renew - simply buy new?

itefix
Offline
Last seen: 6 hours 29 min ago
Joined: 01.05.2008 - 21:33
Yes, that's the case - we

Yes, that's the case - we offer three prepaid support and upgrade protection alternatives - 1 (included) year, 2 years (add 40%) or 3 years (add 80%).

wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
Ok, so I purchased a new

Ok, so I purchased a new license with 3 years of support.

 

Now the nagwin.zip file name turns into a download link. But when I click on it I only get an error message "The following URL is not a valid download link. Please contact the site administrator if this message has been received in error.".

Please advise.

itefix
Offline
Last seen: 6 hours 29 min ago
Joined: 01.05.2008 - 21:33
Soryy for the problem. It's

Soryy for the problem. It's now fixed.

wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
check_http and check_tcp now work with TLS

So, THIS problem solved.

 

But ... the four services do not start any longer. All I get is an error about the service not responding (error 1053).

And in the Windows event log messages like this:

"A timeout was reached (30000 milliseconds) while waiting for the Nagwin_Nagiosfcgi service to connect."

But the error messages when trying to start the services comes immediately (not after 30 seconds).

What's wrong now? How can I debug this?

 

I'm getting tired of one problem after another ...

 

itefix
Offline
Last seen: 6 hours 29 min ago
Joined: 01.05.2008 - 21:33
Please take a backup copy of

Please take a backup copy of your configuration files in /etc/nagios and reinstall Nagwin. There maybe 32-bit/64-bit conflicts.

wuesten_fuchs
Offline
Last seen: 2 months 6 days ago
Joined: 20.02.2014 - 21:16
I have already completely

I have already completely uninstalled Nagwin and removed every trace. Then reinstalled and left config files on default - same error.