我正在設置Nagios/Icinga監控系統來監控我的環境。我想通過check_ssl_cert監控我的SSL證書,因爲它不適用於所有網站。Nagios check_ssl_cert錯誤:SSL_CERT CRITICAL:錯誤:驗證深度爲6
我的命令:
/usr/lib/nagios/plugins/check_ssl_cert -c 7 -w 28 -H 141.85.37.43 -r /etc/ssl/certs/
回報:SSL_CERT CRITICAL: Error: verify depth is 6
(141.85.37.43僅僅是一個例子ADRESS,不是我自己的,但犯同樣的錯誤)。
,如果我嘗試
# openssl s_client -connect ftp.myDomain.de:443
CONNECTED(00000003)
140037719324328:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:741:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 320 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
或
# curl https://ftp.myDomain.de:443 -v
* About to connect() to ftp.myDomain.de port 443 (#0)
* Trying 212.xxx.xxx.xxx...
* connected
* Connected to ftp.myDomain.de (212.xxx.xxx.xxx) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection #0
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
我使用所謂ftp.myDomain.de
一個Ubuntu系統上crushFTP。我可以使用它與https://ftp.myDomain.de
沒有任何問題。 該證書作爲.pem文件安裝並通過驗證vom Thawte。
我的證書有問題嗎?
可悲的不是。驗證深度設置爲16,但這不是問題本身。是與ssl-v3的東西,看到我的「awnser」 – Max