Can you check the Apache's access_log (or whatever it's name it is for the access log in your config) - the should be entries like for example:
The 401 is the error code in this example which is what you can configure in your httpd.conf or include file for it, afaik.
When you reproduce that "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" error, you should check what kind of entry you get added in the access log I mentioned above. Maybe you can write a directive for that then like mentioned in one of my former answers.
Hi there,
Please help, anyone know where to download latest Mod_SSL patch for Apache server v2.0.49 . Have tried www.apache.org but there is not latest patch available. (8 Replies)
hi folks,
I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga).
I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error:
# /etc/init.d/httpd start
Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your... (0 Replies)
I’m using the below snipped for setting the certificate and key for client authentication.
curl_easy_setopt(curl,CURLOPT_SSLCERT,"clientCert.pem");
curl_easy_setopt(curl,CURLOPT_SSLCERTPASSWD,"changeit");
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM"); ... (2 Replies)
Hi,
I am trying to call a http soap webservice using curl command , I have tried the below option but I am getting a failure .
curl -H "Content-Type: text/xml; charset=utf-8" -H SOAPAction:" -d @Request.xml -X POST... (1 Reply)
I have to call a webservice , I need to pass the static request from Unix which should have message signing details in the soap header . I am using cURL command for this. I do not have java , I need to do it through Unix only .
Below is the kind of Soap envelop I want to wrap around my request .... (0 Replies)
Q: "Does Cisco 1921 router support,, act as an endpoint for, site to site VPNs using IPSec? If so, how many? "
A: If you get the Cisco 1921/k9 with the security services bundle then it will have built in security features. Cisco, typically includes IP Sec tunnels I believe as part of that... (0 Replies)
Hi,
Anyone know how and where to download mod_ssl package into Red Hat Enterprise Linux Server release 5.6 Beta (Tikanga) ?
could you also show what's the procedure to apply the mod_ssl into the server and how to apply the digital cert into apache server and so on.
Thanks. (1 Reply)
:rolleyes:I am trying to setup all certificate based client-server environment in Linux using vsftpd and curl with openssl.
I would like to make a user access with vsftpd certificate and user own client certificate (self-signed) with private/public key.
I don't see google posts about the my plan... (4 Replies)
We have a HPUX server that talks to a web service. We recently updated the web service certificate to a new SHA256 cert that has an updated intermediate cert. The HPUX server is now unable to connect because it cannot validate the cert chain due to it not having the new intermediate CA cert.
I... (0 Replies)
Hello Team,
I have to verify the Client server certificate validation in HTTPS request(SSL hand shake before the actual HTTPS post request), And tried various ways and failed to verify it successfully.
here are the trials and errors,
resp = requests.post(url, req, verify=True, timeout=5,... (0 Replies)
Discussion started by: chandana.hs
0 Replies
LEARN ABOUT DEBIAN
check_ssl_cert
check_ssl_cert(1) USER COMMANDS check_ssl_cert(1)NAME
check_ssl_cert - checks the validity of X.509 certificates
SYNOPSIS
check_ssl_cert -H host [OPTIONS]
DESCRIPTION
check_ssl_cert A Nagios plugin to check an X.509 certificate:
- checks if the server is running and delivers a valid certificate
- checks if the CA matches a given pattern
- checks the validity
ARGUMENTS -H,--host host
server
OPTIONS -A,--noauth
ignore authority warnings (expiration only)
--altnames
matches the pattern specified in -n with alternate names too
-C,--clientcert path
use client certificate to authenticate
--clientpass phrase
set passphrase for client certificate.
-c,--critical days
minimum number of days a certificate has to be valid to issue a critical status
-e,--email address
pattern to match the email address contained in the certificate
-f,--file file
local file path (works with -H localhost only)
-h,--help,-?
this help message
-i,--issuer issuer
pattern to match the issuer of the certificate
-n,---cn name
pattern to match the CN of the certificate
-N,--host-cn
match CN with the host name
-o,--org org
pattern to match the organization of the certificate
--openssl path
path of the openssl binary to be used
-p,--port port
TCP port
-P,--protocol protocol
use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)
-s,--selfsigned
allows self-signed certificates
-r,--rootcert cert
root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
-t,--timeout
seconds timeout after the specified time (defaults to 15 seconds)
--temp dir
directory where to store the temporary files
-v,--verbose
verbose output
-V,--version
version
-w,--warning days
minimum number of days a certificate has to be valid to issue a warning status
DEPRECATED OPTIONS -d,--days days
minimum number of days a certificate has to be valid (see --critical and --warning)
SEE ALSO x509(1), openssl(1), expect(1)EXIT STATUS
check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems
BUGS
Please report bugs to: Matteo Corti (matteo.corti (at) id.ethz.ch)
AUTHOR
Matteo Corti (matteo.corti (at) id.ethz.ch) See the AUTHORS file for the complete list of contributors
1.13.0 April, 2012 check_ssl_cert(1)