Setting up SSL
From: Jon Evans
Subject: Setting up SSL
Date: Fri, 21 May 2004 12:52:48 +0100

Hi,
I want my Monit server to be open to the whole company (so service
checks can be carried out wherever I happen to be) but also secured by
password, and also SSL so the password cannot be sniffed.
I've followed the instructions for creating a certificate file, both
from here:
http://www.eclectica.ca/howto/ssl-cert-howto.php
- which walks you through setting up your own CA to sign the new
certificate with, and here:
http://sial.org/howto/openssl/self-signed/
which just creates a self-signed certificate.
That last one you might have to get via the Google cache; search for
"openssl create self signed certificate" and it's the top result.
Both techniques end up by doing this:
    cat host.cert host.key > host.pem
to create a file that contains both the key and the certificate.
monit -I -v starts up OK, but when I browse to it it spits out this
error:
monit: check_preverify(): SSL connection rejected because certificate
verification has failed -- Error 20
monit: embed_accepted_ssl_socket(): Openssl engine error:
error:140890B2:SSL routines:func(137):reason(178)
A brief Google search tells me that func(137) is
ENGINE_R_INVALID_CMD_NAME and reason(178) is ENGINE_F_ENGINE_CTRL_CMD
but apart from that I'm out of my depth.
My test config file starts with:
    set httpd port 2812
        ssl enable
        pemfile /home/evansj/cert/monit.pem
        allow admin:monit
and I'm using monit 4.3.
Any ideas?
I also have a feature request: it would be useful if there was a
command line flag to tell monit to NOT do service stops / starts /
restarts, so config files can be tested. I can't run my fully featured
config file as an unprivileged user because of the ICMP checks.
Thanks again,
Jon
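
Added example, not part of the original message and not Monit or OpenSSL code: a small decoder for the two log lines quoted above, splitting the packed code 140890B2 into its library, function and reason fields using the layout OpenSSL used before 3.0. The helper names (`unpack`, `explain`) are hypothetical, and the name tables cover only the values in this log, taken from the OpenSSL headers of that era.

```python
import re

# OpenSSL before 3.0 packs a queued error as:
# 8-bit library | 12-bit function | 12-bit reason.
def unpack(code):
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

# Name tables limited to the values seen in this log (assumption: pre-3.0
# numbering from err.h, ssl.h and x509_vfy.h).
LIBS = {20: "SSL routines"}
SSL_FUNCS = {137: "SSL3_GET_CLIENT_CERTIFICATE"}
SSL_REASONS = {178: "no certificate returned"}
VERIFY_ERRORS = {20: "unable to get local issuer certificate"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):[^:]*:func\((\d+)\):reason\((\d+)\)")
VERIFY_RE = re.compile(r"verification has failed -- Error (\d+)")

def explain(line):
    """Return a dict describing an OpenSSL error found in a log line, or None."""
    m = ERR_RE.search(line)
    if m:
        lib, func, reason = unpack(int(m.group(1), 16))
        # The decimal func()/reason() fields must agree with the hex code.
        if (func, reason) != (int(m.group(2)), int(m.group(3))):
            raise ValueError("func/reason fields disagree with the packed code")
        return {
            "kind": "error queue",
            "library": LIBS.get(lib, f"lib({lib})"),
            "function": SSL_FUNCS.get(func, f"func({func})") if lib == 20 else f"func({func})",
            "reason": SSL_REASONS.get(reason, f"reason({reason})") if lib == 20 else f"reason({reason})",
        }
    m = VERIFY_RE.search(line)
    if m:
        n = int(m.group(1))
        return {"kind": "certificate verification", "code": n,
                "meaning": VERIFY_ERRORS.get(n, "unknown")}
    return None

# The two log lines from the message, with the e-mail line wraps rejoined.
SAMPLE_LOG = [
    "monit: check_preverify(): SSL connection rejected because certificate "
    "verification has failed -- Error 20",
    "monit: embed_accepted_ssl_socket(): Openssl engine error: "
    "error:140890B2:SSL routines:func(137):reason(178)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(explain(entry))
```

OpenSSL 3.0 and later pack error codes differently, so these shifts apply only to logs from older builds such as the one in this message.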