Hello, I am using check_http 2.1.2 with Nagios to check a remote URL, that requires a client certificate.
I have been trying to use options -J and -K with no luck, because the remote server seems to refuse my certificate, with error : CRITICAL - Cannot make SSL connection. error:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1259:SSL alert number 48. >From what I understand, This error happens because I don't have a way to provide the certificate chain also. So, I have searched a while, and found out that if I call SSL_CTX_use_certificate_chain_file() instead of SSL_CTX_use_certificate_file() in plugins/sslutils.c (line 92), my problem is solved, since I am now able to provide a full chain with option -J (PEM file with client certificate followed by the certificate chain). Is this the good way to solve my issue ? If yes, could you take this change into account in future releases ? Best regards, Stefan
