check_http, SSL, and DoD
John Oliver
joliver at john-oliver.net
Tue Dec 8 23:04:44 CET 2009
Does anyone have a hack to let check_http -S work on DoD hosts?
[joliver at services4 ~]$ openssl s_client -connect
infosec.navy.mil:443 CONNECTED(00000003)
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=21:unable to verify the first certificate
verify return:1
12244:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1053:SSL alert number 40
12244:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:
It would need to be trust DoD root and intermediate certs, and probably
to present a client certificate as well.
I suppose getting it to accept the "handshake failure" as success would
be a stopgap.
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
------------------------------------------------------------------------------
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list