[Mageia-sysadm] [sysadmin-reports] Hobbit [38] forums.mageia.org:sslcert warning (YELLOW)
Buchan Milne
bgmilne at zarb.org
Thu Feb 9 10:12:51 CET 2012
On Wednesday, 8 February 2012 21:29:56 nicolas vigier wrote:
> On Wed, 08 Feb 2012, root at mageia.org wrote:
> > yellow Wed Feb 8 19:58:39 2012
> >
> > &yellow SSL certificate for https://forums.mageia.org/ expires in 13 days
> >
> > Server certificate:
> >
subject:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganiza
> >
tionalUnit/CN=friteuse.mageia.org/emailAddress=root at friteuse.mageia.org
> > start date: 2011-02-22 01:21:12 GMT
> > expire date:2012-02-22 01:21:12 GMT
>
> We have this warning, but xymon is checking the wrong certificate as it
> is connecting to friteuse from alamut, and checking friteuse ssl
> certificate.
Well, there is an http/https check for friteuse for the URL
https://forum.mageia.org, specify friteuse' IP, and there is also a check on
forums.mageia.org for the URL https://forums.mageia.org. On Alamut,
forums.mageia.org resolves to friteuse (entry in /etc/hosts), and the URL
check https://forums.mageia.org does not currently specify to use the public
IP.
> But normal users using the forum are connecting to alamut
> which is doing reverse proxy to friteuse, and using alamut ssl
> certificate (which is valid until febuary 2013).
But, when friteuse' certificate expires, alamut's reverse proxy may refuse to
connect to friteuse, so both should be checked.
> So we should either disable this check for forums.mageia.org, or move
> xymon to an other server.
No, the URL check for https://forums.mageia.org on host forums.mageia.org
should specify to connect to the IP of alamut instead of friteuse (or the
entry in /etc/hosts on alamut should be removed if it is not required). I have
done add the IP in the URL check for forums in r2358.
Regards,
Buchan
More information about the Mageia-sysadm
mailing list