Forum

Monitor fail to fetch stats when using SSL

AxAn
10 March 2015, 09:33
I have a test server and a monitor server set up and everything works as it should.
But when I enable SSL (SSLcertFile) on the test server and check the "SSL" checkbox in the monitor gui, and run "fetch_webserver_logs -d" I get:
Error while getting statistics logfile index from webserver

I looked in fetch_webserver_logs and after line 145 I do:
printf("%s\n",$result["status"]);

This prints a zero (0).

The SSL certificate is good. From a better website and works good in webpages and get a "A+" on SSLLabs.com.

Could it have something to do with accessing the server by ip-address and not it's domain, so the SSL certificate force a warning (like in a browser)?

Do you have any thoughts why this would happen?

Hiawatha version: 9.12
Operating System:
Hugo Leisink
11 March 2015, 09:42
Dod you also set the port to 443 or is it still at 80?
AxAn
11 March 2015, 09:57
Yes, I set the port to 443
Hugo Leisink
11 March 2015, 10:00
Uhh, than I have no idea. I'm using SSL/TLS for fetching the logs from one webserver myself. So, it should work. I have no idea what goes wrong in your case.

The download script only uses the IP address for the connection. The hostname 'monitor' will be used in the HTTP request. It works for me just fine. It's the client that should do the hostname-CN checking, which the fetch-script ignores. So, that can't the the issue.
AxAn
11 March 2015, 10:30
I got it working.

The problem was the certificate and me trying to connect using ip-address.
Maybe this has not been a problem before but according to this: http://php.net/manual/en/function.fsockopen.php#115405
fsockopen is now validating certificates.

Since I have my monitor set up on an internal network it does not have access to the other servers domain name by default, and because of the above it can not access it by ip (since the certificate will not be valid for the ip).

My solution was:
- On the monitor server add the web servers to the /etc/hosts (192.168.0.10 subdomain.example.com)
- In the monitor webserver config set the domain name as ip (subdomain.example.com)

It might not be the best solution.
This topic has been closed.