matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0

Problem with actual version #330

Closed matteocorti closed 2 years ago

matteocorti commented 2 years ago

Discussed in https://github.com/matteocorti/check_ssl_cert/discussions/329

Originally posted by **berndschneider5** October 20, 2021

Hello,

we had an old version running in our Nagios 4.4.3. It was version 1.84.0. This version works very well without any issues. The Nagios software is installed on a RHEL 7.9 with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017

Now we updated to version 2.10.2 because we want to use some new features of this script. Now we have two problems:

1. We have some servers with RSA and EC certificates installed, so we use the options --ecdsa and --rsa. --ecdsa works as before, but when we use --rsa, then we get this error message: SSL error: Error with command: "-sigalgs RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1"
2. All our certificate checks yesterday evening ran into critical state. Tests before were OK, and I have no idea why this happened. The checks ran into a time out 60.01, and a force check to try again failed. The timestamp for the last check attribute has not changed. I was not able to check again, so I had to implement the old version of the script, and then everything worked again.

Kind regards
Bernd

matteocorti commented 2 years ago

It's a bug. We try to use ciphers that are not supported (with PSS)
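
One way a wrapper script could avoid the error reported above, as an added example that is not part of this thread or of check_ssl_cert: drop the RSA-PSS entries from the `-sigalgs` list when the local OpenSSL is too old to know them. The function names and the 1.1.1 version threshold are assumptions of this example; the algorithm list and the 1.0.2k version string are taken from the report.

```shell
#!/bin/sh
# Added example, not check_ssl_cert's own code.
# Usage: openssl s_client -sigalgs "$(rsa_sigalgs_for "$(openssl version)")" ...

# Full RSA list, copied from the error message in the report.
RSA_SIGALGS='RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1'

# supports_pss "<output of 'openssl version'>"
# Succeeds only for OpenSSL >= 1.1.1 (assumed threshold for RSA-PSS
# names in -sigalgs). Anything unparsable or non-OpenSSL is treated as
# not supporting PSS, so the caller falls back to the shorter list.
supports_pss() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -ne 1 ]; then [ "$major" -gt 1 ]; return; fi
    if [ "$minor" -ne 1 ]; then [ "$minor" -gt 1 ]; return; fi
    [ "$patch" -ge 1 ]
}

# rsa_sigalgs_for "<output of 'openssl version'>"
# Prints the -sigalgs value to use for an RSA-only check.
rsa_sigalgs_for() {
    if supports_pss "$1"; then
        printf '%s\n' "$RSA_SIGALGS"
        return 0
    fi
    out=''
    old_ifs=$IFS
    IFS=':'
    for alg in $RSA_SIGALGS; do
        case "$alg" in
            RSA-PSS+*) ;;                      # unknown to old OpenSSL: skip
            *) out="${out:+$out:}$alg" ;;      # keep PKCS#1 v1.5 entries
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}
```

With the fallback list the check still restricts the handshake to RSA signatures, so the `--rsa` intent is preserved on the older library.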