[Mageia-sysadm] [sysadmin-reports] Hobbit [38] forums.mageia.org:sslcert warning (YELLOW)

Buchan Milne bgmilne at zarb.org
Thu Feb 9 10:12:51 CET 2012

On Wednesday, 8 February 2012 21:29:56 nicolas vigier wrote:
> On Wed, 08 Feb 2012, root at mageia.org wrote:
> > yellow Wed Feb  8 19:58:39 2012
> > 
> > &yellow SSL certificate for https://forums.mageia.org/ expires in 13 days
> > 
> > Server certificate:
> > 	
> > 	
tionalUnit/CN=friteuse.mageia.org/emailAddress=root at friteuse.mageia.org
> > 	start date: 2011-02-22 01:21:12 GMT
> > 	expire date:2012-02-22 01:21:12 GMT
> We have this warning, but xymon is checking the wrong certificate as it
> is connecting to friteuse from alamut, and checking friteuse ssl
> certificate.

Well, there is an http/https check for friteuse for the URL 
https://forum.mageia.org, specify friteuse' IP, and there is also a check on 
forums.mageia.org for the URL https://forums.mageia.org. On Alamut, 
forums.mageia.org resolves to friteuse (entry in /etc/hosts), and the URL 
check https://forums.mageia.org does not currently specify to use the public 

> But normal users using the forum are connecting to alamut
> which is doing reverse proxy to friteuse, and using alamut ssl
> certificate (which is valid until febuary 2013).

But, when friteuse' certificate expires, alamut's reverse proxy may refuse to 
connect to friteuse, so both should be checked.

> So we should either disable this check for forums.mageia.org, or move
> xymon to an other server.

No, the URL check for https://forums.mageia.org on host forums.mageia.org 
should specify to connect to the IP of alamut instead of friteuse (or the 
entry in /etc/hosts on alamut should be removed if it is not required). I have 
done add the IP in the URL check for forums in r2358.


More information about the Mageia-sysadm mailing list