Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-166

SSL Web Scenario: Peer certificate was not ok

    XMLWordPrintable

    Details

      Description

      When using HTTPS web scenarios, if the domain name you're using to access the server, does not match the Certificate CN you'll get something like the following:

      Code:

      Failed on "HTTPS Test" [1 of 1] Error: SSL peer certificate was not ok

      This is pretty common because normally your external domain will be something like www.yoursite.com and your internal DNS name for it will be web1.sjc.yoursite.com or something similar.

      I've written a patch for zabbix_server to disable CURLOPT_SSL_VERIFYHOST option. You'll need to apply the patch to src/zabbix_server/httppoller/httptest.c, and recompile zabbix_server binary.

      I've tested it on 1.4.1 and 1.4.2.

      I wrote about it on my site, and there are more detailed instructions there as well.

      Code:

      — src/zabbix_server/httppoller/httptest.c 2007-08-20 12:22:22.000000000 -0700
      +++ src/zabbix_server/httppoller/httptest.c.dp 2007-11-13 17:53:54.000000000 -0800
      @@ -318,6 +318,15 @@ static void process_httptest(DB_HTTPTEST
      return;
      }

      + /* Process certs whose hostnames do not match the queried hostname. */
      + if(CURLE_OK != (err = curl_easy_setopt(easyhandle,CURLOPT_SSL_VERIFYHOST , 0)))
      +

      { + zabbix_log(LOG_LEVEL_ERR, "Cannot set CURLOPT_SSL_VERIFYHOST [%s]", + curl_easy_strerror(err)); + (void)curl_easy_cleanup(easyhandle); + return; + }

      +
      lastfailedstep=0;
      httptest->time = 0;
      result = DBselect("select httpstepid,httptestid,no,name,url,timeout,posts,required,status_codes from httpstep where httptest
      id=" ZBX_FS_UI64 " order by no",

        Attachments

          Activity

            People

            Assignee:
            alexei Alexei Vladishev
            Reporter:
            alexei Alexei Vladishev
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: