Does anyone have a hack to let check_http -S work on DoD hosts?

[joli...@services4 ~]$ openssl s_client -connect infosec.navy.mil:443
CONNECTED(00000003)
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=21:unable to verify the first certificate
verify return:1
12244:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
12244:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

It would need to trust DoD root and intermediate certs, and probably to present a client certificate as well. I suppose getting it to accept the "handshake failure" as success would be a stopgap.

--
John Oliver
http://www.john-oliver.net/

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
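
An added example, not part of the original post or of the Nagios plugins: a shell wrapper that maps an `openssl s_client` transcript like the one above to a Nagios state, reporting the untrusted chain and alert 40 as WARNING rather than as success. The function names and the CA bundle and client certificate paths are hypothetical placeholders; the sample transcript is constructed from the output in the post.

```shell
# Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
classify_s_client() {
    local out errs
    out=$(cat)
    # Distinct "verify error:num=N" codes in order seen, joined as "20,27,21".
    errs=$(printf '%s\n' "$out" | sed -n 's/^verify error:num=\([0-9]*\):.*/\1/p' |
        awk '!seen[$0]++ { s = (s == "" ? $0 : s "," $0) } END { print s }')
    if ! printf '%s\n' "$out" | grep -q '^CONNECTED('; then
        echo "HTTPS CRITICAL - no TCP connection"; return 2
    fi
    if printf '%s\n' "$out" | grep -q 'SSL alert number 40'; then
        echo "HTTPS WARNING - server sent handshake_failure (alert 40); verify errors: ${errs:-none}"; return 1
    fi
    if [ -n "$errs" ]; then
        echo "HTTPS WARNING - chain not trusted; verify errors: $errs"; return 1
    fi
    if printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'; then
        echo "HTTPS OK - handshake completed and chain verified"; return 0
    fi
    echo "HTTPS UNKNOWN - unrecognised s_client output"; return 3
}

# Live use: trust a CA bundle and present a client certificate (paths are placeholders).
check_host() {
    openssl s_client -connect "$1:443" -CAfile /etc/nagios/ssl/ca-bundle.pem \
        -cert /etc/nagios/ssl/client.pem -key /etc/nagios/ssl/client.key </dev/null 2>&1 | classify_s_client
}

# Constructed sample: the transcript shown in the post.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=infosec.navy.mil
verify error:num=21:unable to verify the first certificate
verify return:1
12244:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
12244:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
EOF
}
```

Running `sample_transcript | classify_s_client` exercises the classifier offline; `check_host` needs network access and real certificate files.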