mstyx
September 7, 2022, 10:14am
1
CMK version:
2.1.0p6_0
OS version:
Debian Bullseye (11)
Error message:
ERR_SSL_PROTOCOL_ERROR
Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
Doesn’t work for me… Bash tells me: “command not found”
Hello Community,
I will secure my chkmk login. I go straight to: chkmk https manual
*Yes, I import my .CER file… without errors
And after an HTTPS setup from the ChkMK manual, my web GUI is gone…
I do this:
And get the Answer:
user@chkmk:~$ curl -v -I https://IP_CHKMK/MYSIDE/check_mk/login.py
Trying IP_CHKMK:443…
Connected to IP_CHKMK (IP_CHKMK) port 443 (#0 )
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
In my opinion, the file is still missing: *.key ??
Or what am I missing? What am I doing wrong?
MarcK
September 7, 2022, 10:46am
2
Did you do a “su - SITENAME” ??
I get a command not found when I am not switched to a site…
gstolz
September 7, 2022, 10:53am
3
Apache itself is completely happy with the config and cert + key files?
If you restart apache with “systemctl restart apache” and check “systemctl status apache” do you see anything out of the normal?
what do you mean with:
“In my opinion, the file is still missing: *.key ??”
why do you think that?
1 Like
MarcK
September 7, 2022, 10:56am
4
Try to open the main web server homepage in a browser with https.
If that is working, you can switch CMK to https.
And yes, you will need cert and key for the Apache.
mstyx
September 7, 2022, 11:08am
5
Thanks for the fast reply
What do you mean with: su - SITENAME ? (I have done all commands with SUDO)
Hint: chkMK is the “one and only” service of this Apache2 setup
By the way, I’m new at chkMK
mstyx
September 7, 2022, 11:13am
6
The SSL Labs documentation says:
SSLCertificateFile pointed to the location of the Certificate issued for your domain name
SSLCertificateKeyFile pointed to the location of your Private Key on the server.
Therefore my question: could it be that it is different here?
MarcK
September 7, 2022, 11:16am
7
For the " cmk --debug -vvn hostname " command, you have to be the site-user.
That is done with su - YOURSITENAME
mstyx
September 7, 2022, 11:18am
8
Yep! I need a *.key file…
Thanks, I will generate it, “do it again” and report here again
MarcK
September 7, 2022, 11:20am
9
Securing the web interface with HTTPS
Point 1 -3 * The server is reachable under HTTPS.
mstyx
September 7, 2022, 12:45pm
10
Or, a “new” error msg
After doing points 1-3, I use the curl command… with HTTPS =>
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Then I read some article about my error msg on stackoverflow (1). My vhost file looks like:
<VirtualHost *:80 *:443>
I do the same curl command for chkmk without the HTTPS - HTTP only, and I see:
HTTP/1.1 302 Found
Date: Wed, 07 Sep 2022 12:29:47 GMT
Server: Apache/2.4.54 (Debian)
Strict-Transport-Security: max-age=3153600
Location: https://MY_CHKMKIP/MYSITE/check_mk/login.py
Content-Type: text/html; charset=iso-8859-1
Sadly, no browser will show me the chkmk login page
Firefox: SSL_ERROR_RX_RECORD_TOO_LONG
Brave (Chrome clone): ERR_SSL_PROTOCOL_ERROR
(1)
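The curl and Firefox errors quoted in this thread are consistent with a TLS client receiving a plain HTTP answer on port 443 and trying to read it as a TLS record. The following added example (not part of any post in this thread) decodes the 5-byte TLS record header to show where "wrong version number" and "record too long" come from; the function names and both sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Largest ciphertext record TLS 1.2 allows: 2^14 + 2048 bytes
MAX_RECORD_LEN = 2**14 + 2048


def parse_record_header(data: bytes) -> dict:
    """Decode the TLS record header: type (1), version (2), length (2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(data: bytes) -> list:
    """Return the reasons a TLS client would reject these first bytes."""
    hdr = parse_record_header(data)
    problems = []
    if hdr["type"] not in CONTENT_TYPES:
        problems.append("unknown content type 0x%02x" % hdr["type"])
    if hdr["version"][0] != 3:
        # OpenSSL (curl) reports this case as "wrong version number"
        problems.append("wrong version number %d.%d" % hdr["version"])
    if hdr["length"] > MAX_RECORD_LEN:
        # NSS (Firefox) reports this case as SSL_ERROR_RX_RECORD_TOO_LONG
        problems.append("record too long (%d bytes)" % hdr["length"])
    if data[:5] == b"HTTP/":
        problems.append("server answered in plain HTTP on the TLS port")
    return problems


# Constructed samples: a plaintext HTTP status line as seen in the thread,
# and the start of a well-formed TLS handshake record (ServerHello).
PLAIN_HTTP = b"HTTP/1.1 302 Found\r\n"
TLS_SERVER_HELLO = bytes.fromhex("160303007a") + b"\x02\x00\x00\x76"

if __name__ == "__main__":
    for name, sample in (("plain http", PLAIN_HTTP),
                         ("tls record", TLS_SERVER_HELLO)):
        print(name, parse_record_header(sample), diagnose(sample))
```

The bytes `H T T P /` decode as content type 0x48, version 84.84 and length 20527, so a listener on port 443 that produces these errors is not running TLS on that port.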
MarcK
September 7, 2022, 1:12pm
11
Hmmm…
I had a look into my two sites (Apache, not CMK!!!)
000-default.conf → <VirtualHost *:80>
default-ssl.conf -> <VirtualHost _default_:443>
In mods-enabled/ssl.conf is this:
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all -SSLv3
SSLv3 is excluded…
Did you enable port 443 in Apache ports.conf?!
If you are speaking German you might rather look at this article. We are still discussing some aspects of this article until it gets translated and moved to the 2.1.0 manual.
mstyx
September 8, 2022, 9:39am
13
Hello
German language is not a problem for me…
I have started to build according to these instructions, we have an “internal CA”.
We have “inhouse”: *.cer and *.crt - so I can skip some of it, and “pick” the rest together
The first thing I notice is that when I run: “openssl req” I get an error message. “req” (really? REQ)
Invalid command ‘reg’; type “help” for a list.
What package am I missing, so I can have “req” in Debian Bullseye?
req as in request, not reg (as in register or something)
1 Like
mstyx
September 23, 2022, 7:33am
15
How can I “tag” this thread as “Solved”?!
Leaving this here because it may be helpful for others in the situation.
This video helped me set up HTTPS with a self-signed certificate:
https://www.youtube.com/watch?v=Q9b0F26FR20