SSLCertMonitor not detecting expired certificates

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SSLCertMonitor not detecting expired certificates

paisano
OpenNMS Horizon 20.0.0
RHEL 6.7

I can't get the SSLCertMonitor to work at all.  For example,
$ echo | openssl s_client -connect vandal:9443 2>/dev/null | openssl x509 -noout -dates           
notBefore=Feb 24 14:57:42 2014 GMT
notAfter=Feb 24 14:57:42 2017 GMT
SSLCertMonitor fails to detect this expired cert.  

The relevant config:
    <service name="SSL-Cert-HTTPS-9443" interval="60000" user-defined="false" status="on">
      <parameter key="retry" value="2"/>
      <parameter key="timeout" value="3000"/>
      <parameter key="port" value="9443"/>
      <parameter key="days" value="7"/>
    </service>

Any suggestions?  Is it a bug?
Reply | Threaded
Open this post in threaded view
|

Re: SSLCertMonitor not detecting expired certificates

Holger Goßmann (SSC)
Hi,

do you have the correspondig monitor entry?


-----Ursprüngliche Nachricht-----
Von: paisano [mailto:[hidden email]]
Gesendet: Mittwoch, 28. Juni 2017 16:42
An: [hidden email]
Betreff: [opennms-discuss] SSLCertMonitor not detecting expired certificates

OpenNMS Horizon 20.0.0
RHEL 6.7

I can't get the SSLCertMonitor to work at all.  For example,

SSLCertMonitor fails to detect this expired cert.  

The relevant config:


Any suggestions?  Is it a bug?



--
View this message in context:
http://opennms.530661.n2.nabble.com/SSLCertMonitor-not-detecting-expired-cer
tificates-tp7595703.html
Sent from the OpenNMS - discuss mailing list archive at Nabble.com.

----------------------------------------------------------------------------
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this
page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss
Reply | Threaded
Open this post in threaded view
|

Re: SSLCertMonitor not detecting expired certificates

paisano
Hi Holger,

Thanks for replying.

You got me to take another look at the monitor and I noticed it had a wrong syntax.  I fixed that and now SSLCertMonitor is working!