Error message:CRITICAL - Cannot make SSL connection.
Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
I want to check some appliances like switches. All of them are accessable via https, but all of them use a self signed certificate, some of them are outdated.
=> How to I check the website ignoring a self signed cert and ignoring the lifetime of the cert?
If dealing with Self-Signed certificates a/the system checking ( in your case CMK) will try to resolve a/the CA-path/certificate which signed the certificate.
This means you would need to add your self-signed certificate also as a trusted CA-certificate to your CMK-box so when the certificate is checked it can lookup itself as CA-certificate.
update
I dug a bit deeper, and tested it on a RockyLinux9.3 box ( quite similar to CentOS8)
To start out i had a certificate which when i tried to pull something over curl complained about the certificate in use from the box:
[root@monitor ~]# curl https://testbox.mydomain.test
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
To solve this issue i needed to add the certificate to the CA-truststore on the system, so that curl no longer complains about the issuer.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.