SMTP STARTTLS not working

I use the virtual appliance from checkmk v2 (2.0.0p15 (CME)) and I am trying to configure an active SMTP check with STARTTLS on port 25.
When I do so I get a warning: TLS not supported by server

But I know that it works because: openssl s_client -starttls smtp -connect $my.fqdn.com:25
works just fine.

Any ideas?

You need to set this checkbox:
image

I checked that box - otherwise TLS wouldn’t work on port 25 (transport encryption)

I can’t reproduce this.
I have two active checks configured, both with STARTTLS, both working. :woman_shrugging:

Your error says something else, but let me ask you anyways: Are your certificates presented global-signed or self-signed? Is the certificate chain complete?

Global signed with a wildcard, cert chain is complete

And when I test with openssl everything works fine - that wouldn’t be the case if there were problems with the cert

Just to be clear here: the openssl s_client ... was called from the same monitoring host that executes the check?

yes - exactly. And now I write something to get 20 characters full :wink:

I found the problem probably - openssl is too old on the appliance since the appliance is based on Debian 9.

Ok, now I am on 2.1.0p10 and when I check “STARTTLS” I get “TLS not supported by this server”.

openssl s_client works fine.

I found the solution. I had to set the FQDN. Our mail server forbids a HELO like “HELO cm”, thus it failed. With the normal check there is just a 550 and it works. But with STARTTLS it kind of fails silently.
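To see which step of the dialogue a server refuses, the following added example (not part of the thread and not Checkmk's own code) walks the plaintext SMTP exchange up to STARTTLS with a HELO name you choose and reports the first step that fails. The function name `probe_starttls` and the script name `probe.py` are assumptions made for this illustration.

```python
import smtplib
import sys


def probe_starttls(host, port, helo_name, timeout=10.0):
    """Walk the plaintext SMTP dialogue up to STARTTLS, one step at a time.

    Returns (stage, code, text). stage is "ok" when the server answers
    STARTTLS with 220, otherwise the step that failed.
    """
    smtp = smtplib.SMTP(timeout=timeout)
    try:
        code, text = smtp.connect(host, port)
        if code != 220:
            return ("banner", code, text.decode(errors="replace"))
        # Greet with the name under test; a rejected greeting means the
        # server never lists its extensions, STARTTLS included.
        code, text = smtp.ehlo(helo_name)
        if not 200 <= code <= 299:
            return ("ehlo", code, text.decode(errors="replace"))
        if not smtp.has_extn("starttls"):
            return ("extension", code, "STARTTLS not advertised in EHLO reply")
        # Stop after the 220: no TLS handshake is needed to locate the failure.
        code, text = smtp.docmd("STARTTLS")
        stage = "ok" if code == 220 else "starttls"
        return (stage, code, text.decode(errors="replace"))
    except (smtplib.SMTPException, OSError) as exc:
        return ("connection", -1, str(exc))
    finally:
        smtp.close()


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT HELO_NAME [HELO_NAME ...]
    if len(sys.argv) < 4:
        sys.exit("usage: probe.py HOST PORT HELO_NAME [HELO_NAME ...]")
    for name in sys.argv[3:]:
        stage, code, text = probe_starttls(sys.argv[1], int(sys.argv[2]), name)
        print(f"HELO name {name!r}: stage={stage} code={code} {text}")
```

Running it from the monitoring host with both the short host name and the FQDN shows whether the greeting itself is rejected before STARTTLS is ever offered.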
