On 11.10.19 11:10, stephen.wea...@bluesky.co.uk wrote:
> Hi All
> 
> I have a customer with their own on site servers that we monitor for them,
> unfortunately one of the servers is Windows 2003 with IIS6, it is running
> very old custom CMS, my problem is the SSL on the CMS is TLS v1
> and the SSL certificate expiry check in Check_MK does seem to work
> over TLS v1.
> 
> Anyone know if TLS v1 can be enabled for the SSL Certificate Check in
> Check_MK version 1.5.0p19?

This is often an issue with the underlying Linux distribution disabling
older TLS versions by default. E.g. Debian 10 does it in
/etc/ssl/openssl.cnf:

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2


You can create a customized copy of openssl.cnf in $OMD_ROOT/etc and
remove these lines.

Add this line to $OMD_ROOT/etc/environment:

OPENSSL_CONF=$OMD_ROOT/etc/openssl.cnf

and restart your site.

After that the OpenSSL libraries should connect again to older TLS servers.

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

https://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Managing Director: Peer Heinlein - Registered office: Berlin
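
The procedure from the reply above as a script, added here as an example and not part of the original message: it writes a copy of the distribution's openssl.cnf with only MinProtocol and CipherString dropped from [system_default_sect], and reports the protocol floor a file still sets. The function names and the paths passed as arguments are assumptions, as is reading "these lines" as those two settings; setting OPENSSL_CONF and restarting the site stay as described in the reply.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage (paths are assumptions):
#   sh relax.sh /etc/ssl/openssl.cnf "$OMD_ROOT/etc/openssl.cnf"

# awk rule shared by both functions: remember the current [section] name.
track='/^[ \t]*\[/ { sect = $0
    sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect) }'

# relax_openssl_cnf SRC DST
# Copy SRC to DST, dropping MinProtocol and CipherString only inside
# [system_default_sect]; all other sections are copied unchanged.
relax_openssl_cnf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk "$track"'
        sect == "system_default_sect" &&
            /^[ \t]*(MinProtocol|CipherString)[ \t]*=/ { next }
        { print }
    ' "$1" > "$2"
}

# tls_floor CNF
# Print the MinProtocol that [system_default_sect] still sets, or "none".
tls_floor() {
    awk "$track"'
        sect == "system_default_sect" && /^[ \t]*MinProtocol[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); floor = $0
        }
        END { print (floor == "" ? "none" : floor) }
    ' "$1"
}

# Run only when called with a source and a destination path.
if [ "$#" -eq 2 ]; then
    relax_openssl_cnf "$1" "$2" && echo "MinProtocol now: $(tls_floor "$2")"
fi
```

Because OPENSSL_CONF is set in the site's environment file, the relaxed floor applies to the site's processes that use OpenSSL, not only to the certificate check against the old server.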

_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de