Moved from the discussion forum:
As you can see below curl is fine with the certificate, on the other hand my web site monitor is getting "Fail - Error: SSL connect error" Not the most useful error message and the server log file is not any better:
12973:20110408:133530.979 Web scenario step [WPIFP_Status_PageisplaySystemStatus] error: error doing curl_easy_perform: SSL connect error
Ubuntu 10.4 LTS, Zabbix 1.8.4 compiled from source.
root@ctsms2:~# curl https://express.rwsol.com/roi/servle...yAction=Status
<HTML><HEAD><TITLE>Status</TITLE></HEAD><BODY><H1>Status: GREEN</H1></BODY></HTML>
root@ctsms2:~#
root@ctsms2:~# openssl s_client -connect express.rwsol.com:443 < /dev/null 2>&1
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=Wisconsin/L=Waukesha/O=Connecture, Inc/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=express.rwsol.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIQZkdxU4VHBi22/NLKI+D0ADANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbm MuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZX JtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMD EvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRz MwHhcNMTAxMTAx
MDAwMDAwWhcNMTExMjMxMjM1OTU5WjCBrDELMAkGA1UEBhMCVV MxEjAQBgNVBAgT
CVdpc2NvbnNpbjERMA8GA1UEBxQIV2F1a2VzaGExGDAWBgNVBA oUD0Nvbm5lY3R1
cmUsIEluYzELMAkGA1UECxQCSVQxMzAxBgNVBAsUKlRlcm1zIG 9mIHVzZSBhdCB3
d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEaMBgGA1UEAxQRZX hwcmVzcy5yd3Nv
bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALxPy9 Vjf+tgOVKKNV1e
dD8CBbG0zJaECwwYU2F/sCaVide18Cia1oGokMD9c1HI8zxkr02JnuB/waV5eSca
odJ3RMJj4Wyy1gj8UizV5lGTElJiZscbFxwGLaz5XzSFHb5o54 xqjvShGCXnxM0J
Q+sUXwBCDcTYhtgRQAPknS2ZAgMBAAGjggHRMIIBzTAJBgNVHR MEAjAAMAsGA1Ud
DwQEAwIFoDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vU1ZSU2 VjdXJlLUczLWNy
bC52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY3JsMEQGA1UdIA Q9MDswOQYLYIZI
AYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudm VyaXNpZ24uY29t
L3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHw YDVR0jBBgwFoAU
DURcFlNEwYJ+HSCrJfQBY9i+eaUwdgYIKwYBBQUHAQEEajBoMC QGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wQAYIKwYBBQUHMA KGNGh0dHA6Ly9T
VlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cm VHMy5jZXIwbgYI
KwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHz AHBgUrDgMCGgQU
S2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udm VyaXNpZ24uY29t
L3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBkFabUxI NtVHRryj41mdU7
hHLSryW2wxo+HTeO4akaWGlVrYmCtxqolXhxclOYL+0W+TS8ak/+FjcZAEZl05nZ
/srWOEW2I0RrMghh0N8dDlpdoJSFWY2S2JLvKcrxNgqpH5t4ExU xxZTqYzbDoU6n
QXW7h3sGA9V+7f2tA8E3MOAQt3CnYUdQO0CUo6cKc2XG3n/srgmJxkRBBQEX/pXE
az++GNVQGla5uLaWoiKdhgAJGL2E1b4cF4fPDskwe3z6jCLH+q LtSfqQgpDLT6i0
oiVETQd0AMkgC7H2mBkUL/2Fg59fJE8Fg0DMkSY6yM8OSJM5tTzbhZpaA6JeD6jO
-----END CERTIFICATE-----
subject=/C=US/ST=Wisconsin/L=Waukesha/O=Connecture, Inc/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=express.rwsol.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4260 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 1E7D83B4D48052683952D1C62A4BCFA29E9E06B88787185035 4E438307ABB481
Session-ID-ctx:
Master-Key: 0B404878DB94DB0D78E7B99D0BF5868FCA6C68E53F3D3FC01E 0C2CBC3FD8CFF59AC306148BAF61BE6B0E4C5F0913B92C
Key-Arg : None
Start Time: 1302286229
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
root@ctsms2:~#
As you can see below curl is fine with the certificate, on the other hand my web site monitor is getting "Fail - Error: SSL connect error" Not the most useful error message and the server log file is not any better:
12973:20110408:133530.979 Web scenario step [WPIFP_Status_PageisplaySystemStatus] error: error doing curl_easy_perform: SSL connect error
Ubuntu 10.4 LTS, Zabbix 1.8.4 compiled from source.
root@ctsms2:~# curl https://express.rwsol.com/roi/servle...yAction=Status
<HTML><HEAD><TITLE>Status</TITLE></HEAD><BODY><H1>Status: GREEN</H1></BODY></HTML>
root@ctsms2:~#
root@ctsms2:~# openssl s_client -connect express.rwsol.com:443 < /dev/null 2>&1
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=Wisconsin/L=Waukesha/O=Connecture, Inc/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=express.rwsol.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIQZkdxU4VHBi22/NLKI+D0ADANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbm MuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZX JtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMD EvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRz MwHhcNMTAxMTAx
MDAwMDAwWhcNMTExMjMxMjM1OTU5WjCBrDELMAkGA1UEBhMCVV MxEjAQBgNVBAgT
CVdpc2NvbnNpbjERMA8GA1UEBxQIV2F1a2VzaGExGDAWBgNVBA oUD0Nvbm5lY3R1
cmUsIEluYzELMAkGA1UECxQCSVQxMzAxBgNVBAsUKlRlcm1zIG 9mIHVzZSBhdCB3
d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEaMBgGA1UEAxQRZX hwcmVzcy5yd3Nv
bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALxPy9 Vjf+tgOVKKNV1e
dD8CBbG0zJaECwwYU2F/sCaVide18Cia1oGokMD9c1HI8zxkr02JnuB/waV5eSca
odJ3RMJj4Wyy1gj8UizV5lGTElJiZscbFxwGLaz5XzSFHb5o54 xqjvShGCXnxM0J
Q+sUXwBCDcTYhtgRQAPknS2ZAgMBAAGjggHRMIIBzTAJBgNVHR MEAjAAMAsGA1Ud
DwQEAwIFoDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vU1ZSU2 VjdXJlLUczLWNy
bC52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY3JsMEQGA1UdIA Q9MDswOQYLYIZI
AYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudm VyaXNpZ24uY29t
L3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHw YDVR0jBBgwFoAU
DURcFlNEwYJ+HSCrJfQBY9i+eaUwdgYIKwYBBQUHAQEEajBoMC QGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wQAYIKwYBBQUHMA KGNGh0dHA6Ly9T
VlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cm VHMy5jZXIwbgYI
KwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHz AHBgUrDgMCGgQU
S2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udm VyaXNpZ24uY29t
L3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBkFabUxI NtVHRryj41mdU7
hHLSryW2wxo+HTeO4akaWGlVrYmCtxqolXhxclOYL+0W+TS8ak/+FjcZAEZl05nZ
/srWOEW2I0RrMghh0N8dDlpdoJSFWY2S2JLvKcrxNgqpH5t4ExU xxZTqYzbDoU6n
QXW7h3sGA9V+7f2tA8E3MOAQt3CnYUdQO0CUo6cKc2XG3n/srgmJxkRBBQEX/pXE
az++GNVQGla5uLaWoiKdhgAJGL2E1b4cF4fPDskwe3z6jCLH+q LtSfqQgpDLT6i0
oiVETQd0AMkgC7H2mBkUL/2Fg59fJE8Fg0DMkSY6yM8OSJM5tTzbhZpaA6JeD6jO
-----END CERTIFICATE-----
subject=/C=US/ST=Wisconsin/L=Waukesha/O=Connecture, Inc/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=express.rwsol.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4260 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 1E7D83B4D48052683952D1C62A4BCFA29E9E06B88787185035 4E438307ABB481
Session-ID-ctx:
Master-Key: 0B404878DB94DB0D78E7B99D0BF5868FCA6C68E53F3D3FC01E 0C2CBC3FD8CFF59AC306148BAF61BE6B0E4C5F0913B92C
Key-Arg : None
Start Time: 1302286229
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
root@ctsms2:~#
Comment