CMK version:
2.1.0p30
OS version:
Red Hat Enterprise Linux release 9.3 (Plow)
Error message:
Mar 15 12:56:39 hostname002 cmk-agent-ctl[948]: WARN [cmk_agent_ctl::modes::pull] [::ffff:141.36.180.25]:42154: Request failed. (invalid peer certificate contents: invalid peer certificate: UnknownIssuer)
Mar 15 12:57:38 hostname002 systemd[1]: Started Checkmk agent (PID 948/UID 985).
Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
no command
Hi,
is it possible and how to configure agent receiver on omd server port 8000 to allow official certificates to mute security scanner.
the error in case of official certs in checkMK GUI is:
[agent] Communication failed: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:2633)WARN , Got no information from hostWARN , execution time 0.1 sec
btw.
curl is working with official certs on remote server:
…
Server certificate:
- subject: C=DE; O=xya; OU=xyz; CN=x.y.z; L=xyz; ST=xyz
- start date: May 22 09:11:18 2023 GMT
- expire date: May 21 09:11:18 2025 GMT
- issuer: DC=com; DC=xyz; DC=PKI; CN=CA
- SSL certificate verify ok.
curl is also not working with default omd selfsigned cert:
subject=CN = Site ‘testsite’ local CA
issuer=CN = Site ‘testsite’ local CA
notBefore=Jul 25 10:03:09 2023 GMT
notAfter=Nov 25 10:03:09 3021 GMT
- Server certificate:
- subject: CN=testsite
- start date: Jul 25 10:03:09 2023 GMT
- expire date: Nov 25 10:03:09 3021 GMT
- issuer: CN=Site ‘testsite’ local CA
- SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
omd stunnel configuration is no option.
Thank you for any hint,
Best regards
GC