When using HTTPS web scenarios, if the domain name you're using to access the server, does not match the Certificate CN you'll get something like the following:
This is pretty common because normally your external domain will be something like www.yoursite.com and your internal DNS name for it will be web1.sjc.yoursite.com or something similar.
I've written a patch for zabbix_server to disable CURLOPT_SSL_VERIFYHOST option. You'll need to apply the patch to src/zabbix_server/httppoller/httptest.c, and recompile zabbix_server binary.
I've tested it on 1.4.1 and 1.4.2.
I wrote about it on my site, and there are more detailed instructions there as well.
Code:
Failed on "HTTPS Test" [1 of 1] Error: SSL peer certificate was not ok
I've written a patch for zabbix_server to disable CURLOPT_SSL_VERIFYHOST option. You'll need to apply the patch to src/zabbix_server/httppoller/httptest.c, and recompile zabbix_server binary.
I've tested it on 1.4.1 and 1.4.2.
I wrote about it on my site, and there are more detailed instructions there as well.
Code:
--- src/zabbix_server/httppoller/httptest.c 2007-08-20 12:22:22.000000000 -0700
+++ src/zabbix_server/httppoller/httptest.c.dp 2007-11-13 17:53:54.000000000 -0800
@@ -318,6 +318,15 @@ static void process_httptest(DB_HTTPTEST
return;
}
+ /* Process certs whose hostnames do not match the queried hostname. */
+ if(CURLE_OK != (err = curl_easy_setopt(easyhandle,CURLOPT_SSL_VERIFYHOST , 0)))
+ {
+ zabbix_log(LOG_LEVEL_ERR, "Cannot set CURLOPT_SSL_VERIFYHOST [%s]",
+ curl_easy_strerror(err));
+ (void)curl_easy_cleanup(easyhandle);
+ return;
+ }
+
lastfailedstep=0;
httptest->time = 0;
result = DBselect("select httpstepid,httptestid,no,name,url,timeout,posts,required,status_codes from httpstep where httptest
id=" ZBX_FS_UI64 " order by no",
Comment