When using HTTPS web scenarios, if the domain name you're using to access the server, does not match the Certificate CN you'll get something like the following:

Code:

Failed on "HTTPS Test" [1 of 1] Error: SSL peer certificate was not ok

This is pretty common because normally your external domain will be something like www.yoursite.com and your internal DNS name for it will be web1.sjc.yoursite.com or something similar.

I've written a patch for zabbix_server to disable CURLOPT_SSL_VERIFYHOST option. You'll need to apply the patch to src/zabbix_server/httppoller/httptest.c, and recompile zabbix_server binary.

I've tested it on 1.4.1 and 1.4.2.

I wrote about it on my site, and there are more detailed instructions there as well.

Code:

— src/zabbix_server/httppoller/httptest.c 2007-08-20 12:22:22.000000000 -0700
+++ src/zabbix_server/httppoller/httptest.c.dp 2007-11-13 17:53:54.000000000 -0800
@@ -318,6 +318,15 @@ static void process_httptest(DB_HTTPTEST
return;
}

+ /* Process certs whose hostnames do not match the queried hostname. */
+ if(CURLE_OK != (err = curl_easy_setopt(easyhandle,CURLOPT_SSL_VERIFYHOST , 0)))
+

{ + zabbix_log(LOG_LEVEL_ERR, "Cannot set CURLOPT_SSL_VERIFYHOST [%s]", + curl_easy_strerror(err)); + (void)curl_easy_cleanup(easyhandle); + return; + }

+
lastfailedstep=0;
httptest->time = 0;
result = DBselect("select httpstepid,httptestid,no,name,url,timeout,posts,required,status_codes from httpstep where httptest
id=" ZBX_FS_UI64 " order by no",