Differences

This shows you the differences between two versions of the page.

--- monitors:sslname.sh [2015/11/10 03:59] – [Description] jccleaver
+++ monitors:sslname.sh [2015/11/10 13:12] – [Changelog] jccleaver
@@ Line 33: / Line 33: @@
         CMD /etc/xymon/ext/sslname.sh
         LOGFILE /var/log/xymon/sslname.log
+        INTERVAL 5m
 </code>
@@ Line 89: / Line 90: @@
    # TODO: We should loop over all common names and try to figure out what the relevant URLs are below
    #   For now, we sort and take the first one.
-    COMMONNAME="`echo \"$SSLDATA\" | grep CN= | perl -pe 's/^.*CN=([\w\.\-\*]+).*$/\1/' | sort | uniq | head -n 1`"
+    COMMONNAME="`echo \"$SSLDATA\" | grep -v issuer: | grep CN= | perl -pe 's/^.*CN=([\w\.\-\*]+).*$/\1/' | sort | uniq | head -n 1`"
     if [ -z "$COMMONNAME" ] ; then
 	echo "Couldn't find a 'common name' for $THISHOST..." >&2
@@ Line 145: / Line 146: @@
 ===== Known Bugs and Issues =====
-This is targeted mainly at %%https://%% tests; YMMV with "sslcert" results from other types of tests (imaps, smtps, pop3s, etc).
+sslcert tests that are a result of multiple SSL_enabled services tested by xymonnet should be tested individually against the URLs (or server name) in question and the worst state flagged.
+Wildcards are handled via regex, however this will lead to a false negative if your wildcard is for a more root-ward subdomain. Eg, *.example.net will be seen as an acceptable common name for https://server.dc.example.net/ when it really isn't.
+This was targeted mainly at %%https://%% tests; "sslcert" results from other types of tests (imaps, smtps, pop3s, etc) are tested against the server name only. YMMV.
 ===== To Do =====
@@ Line 154: / Line 159: @@
 ===== Changelog =====
+  * **2015-11-10**
+    * Minor bug fixes and clean-up
   * **2012-04-27**