Using check_http for https

[Thomas Guyot-Sionnest]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 04/01/16 09:03 AM, Gereon Kremer wrote:
> > Hello, > > I'm using nagios for website monitoring and recently one
of the sites > was migrated to https. > I'll abstract from the nagios
config now and directly show the problem > on the plugin. > > I now want
to migrate the following command to https: > check_http -H <url> > >
What works: > wget https://<url> > > What does not work (with result): >
check_http -S -H <url>   (timeout) > check_http --ssl -H <url>  
(timeout) > check_http --ssl=1 -H <url>   (timeout) > check_http --ssl=2
-H <url>   (SSL protocol version 2 is not supported > by your SSL
library.) > check_http --ssl=3 -H <url>   (sslv3 alert handshake >
failure:s3_pkt.c:1294:SSL alert number 40) > check_http -p 443 -H
<url>   (timeout)

Hi Gereon,

Have you tried:

check_https -H <url>
check_http -S -p 443 -H <url>

If I'm not mistaken, calling check_http as check_https does two things:
1. enable ssl (-S/--ssl), and 2. change the default port to 443
(check_https should be a symlink to check_http). When you set the port
to 443, it's like doing "http://host:443/" : that will use normal http
on an ssl connection which won't work. Similarly, I don't think
check_http is smart enough to decide when it should change the default
port to 443 unless when called as "check_https", so when you use
-S/--ssl without explicitly setting port 443, it's like doing
"https://host:80/" - going ssh on a non-ssh connection won't work neither.

Regards,

- -- 
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlaKvX4ACgkQ6dZ+Kt5BchbeIwCgyH17A5sbRD+Bew4476PaG62d
jZMAnA/SNVadYqN6UTWAvAyodlt7xl+J
=jtlD
-----END PGP SIGNATURE-----