Ad Widget

**Tenzer** · 11-05-2009, 09:47

I have seen this mentioned on the forum before. I believe it is related to the fact that you most properly have a self-signed certificate, and since the curl library checks the library when connecting, it simply refuses to talk to the webserver.

Search through the forums on this one, as I think there may have been a patch to disable this check, since it is hard coded in to the Zabbix server code.

**Calimero** · 11-05-2009, 13:56

Here's an excerpt from src/zabbix_server/httppoller/httptest.c in zabbix 1.6.1 (same in 1.6.4):

Code:

        /* Process self-signed certificates. Do not verify certificate. */
        if(CURLE_OK != (err = curl_easy_setopt(easyhandle,CURLOPT_SSL_VERIFYPEER , 0)))
        {
                zabbix_log(LOG_LEVEL_ERR, "Cannot set CURLOPT_SSL_VERIFYPEER [%s]",
                        curl_easy_strerror(err));
                (void)curl_easy_cleanup(easyhandle);
                return;
        }

        /* Process certs whose hostnames do not match the queried hostname. */
        if(CURLE_OK != (err = curl_easy_setopt(easyhandle,CURLOPT_SSL_VERIFYHOST , 0)))
        {
                zabbix_log(LOG_LEVEL_ERR, "Cannot set CURLOPT_SSL_VERIFYHOST [%s]",
                curl_easy_strerror(err));
                (void)curl_easy_cleanup(easyhandle);
                return;
        }

So it looks like zabbix_server is already permissive regarding SSL certs.

ashishshukla> what if you use curl (command line utility) with the verbose flag on the URL you intend to monitor ?
You could also try: "openssl s_client -connect 212.X.Y.Z:443" to see whether curl and openssl are able to connect.

**Tenzer** · 11-05-2009, 17:16

Originally posted by Calimero

So it looks like zabbix_server is already permissive regarding SSL certs.

Okay, then it's probably already corrected. But it may not be in the 1.4 series...

**ashishshukla** · 12-05-2009, 07:52

Hi ,
Firstly, Thanks a lot for giving important suggestions.

Calimero i tried the command ("openssl s_client -connect 212.X.Y.Z:443") and its working nicely (showing "CONNECTED").

But i need to see in zabbix GUI or monitoring in zabbix GUI. so need to see the speed and response time in regular basis as i monitor for all http sites.

Is there any commands or service in zabbix like in windows we can add the certificate and in /etc/host file if we add the server IP with host name then next time if i open https site then it will directly open the site means it will not ask for security alert....

Hence if its possible then easy to monitor https sites also in zabbix.

Thanks

**Tenzer** · 12-05-2009, 09:16

ashishshukla, what Zabbix version are you running?
As far as I am able to figure out, this was solved in the 1.4.3 version of Zabbix. See the following links for details:

Loading...

https://support.zabbix.com/browse/ZBX-166

We’ll be back soon!

http://www.zabbix.com/forum/showthread.php?t=8332