Cannot initialize SSL server certificate handler
Issue #111
resolved
I'm upgrading from monit 5.8.1 -> 5.10. I've not changed any of my working configs from 5.8.1. The agent starts and does seem to be reporting in M/Monit, but when viewing the host, it won't connect and times out.
I checked the logs for monit and see the following:
#!
error : Cannot initialize SSL server certificate handler -- error:140A90A1:SSL routines:func(169):reason(161)
When trying to check the status of the of the agent from the command line:
#!
[root@mmonit logs]# ../bin/monit summary
SSL read timeout error
Error connecting to the monit daemon
OS: RHEL6, stock ciphers
Comments (7)
-
repo owner
-
Account Deleted reporter
I'm positive I'm running monit-5.10.
#! [root@mmonit conf.d]# ../../bin/monit -V This is Monit version 5.10 Copyright (C) 2001-2014 Tildeslash Ltd. All Rights Reserved.Here is the openssl output:
#! [root@mmonit conf.d]# openssl s_client -debug -connect 127.0.0.1:2812 CONNECTED(00000003) write to 0x25f3010 [0x2619e40] (249 bytes => 249 (0xF9)) 0000 - 16 03 01 00 f4 01 00 00-f0 03 03 54 6c b3 40 54 ...........Tl.@T 0010 - 08 f4 5a b2 8d e4 03 84-e5 a3 83 48 5b d1 d4 5b ..Z........H[..[ 0020 - a9 d4 8a d8 fd 90 b3 c5-7a f6 95 00 00 84 c0 30 ........z......0 0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k 0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8.....2...* 0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../ 0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67 .+.'.#.........g 0070 - 00 40 00 33 00 32 c0 12-c0 08 00 9a 00 99 00 45 .@.3.2.........E 0080 - 00 44 00 16 00 13 c0 31-c0 2d c0 29 c0 25 c0 0e .D.....1.-.).%.. 0090 - c0 04 c0 0d c0 03 00 9c-00 3c 00 2f 00 96 00 41 .........<./...A 00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04 ................ 00b0 - 00 ff 01 00 00 43 00 0b-00 04 03 00 01 02 00 0a .....C.......... 00c0 - 00 08 00 06 00 19 00 18-00 17 00 23 00 00 00 0d ...........#.... 00d0 - 00 22 00 20 06 01 06 02-06 03 05 01 05 02 05 03 .". ............ 00e0 - 04 01 04 02 04 03 03 01-03 02 03 03 02 01 02 02 ................ 00f0 - 02 03 01 01 00 0f 00 01-01 ......... read from 0x25f3010 [0x261f3a0] (7 bytes => 7 (0x7)) 0000 - 16 03 03 00 3a 02 ....:. 0007 - <SPACES/NULS> read from 0x25f3010 [0x261f3aa] (56 bytes => 56 (0x38)) 0000 - 00 36 03 03 54 6c b3 40-ea 2d dc 6f 41 39 e0 0b .6..Tl.@.-.oA9.. 0010 - ec b2 59 88 47 7f f0 a6-5f 28 b5 e9 1f d6 b2 59 ..Y.G..._(.....Y 0020 - ae 9b 86 ed 00 00 9d 00-00 0e ff 01 00 01 00 00 ................ 0030 - 23 00 00 00 0f 00 01 01- #....... read from 0x25f3010 [0x261f3a3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 03 db ..... read from 0x25f3010 [0x261f3a8] (987 bytes => 987 (0x3DB)) 0000 - 0b 00 03 d7 00 03 d4 00-03 d1 30 82 03 cd 30 82 ..........0...0. 0010 - 02 b5 a0 03 02 01 02 02-09 00 c1 57 d6 09 53 7d ...........W..S} 0020 - ee c0 30 0d 06 09 2a 86-48 86 f7 0d 01 01 05 05 ..0...*.H....... 0030 - 00 30 7d 31 0b 30 09 06-03 55 04 06 13 02 55 53 .0}1.0...U....US 0040 - 31 0b 30 09 06 03 55 04-08 0c 02 41 5a 31 0e 30 1.0...U....AZ1.0 0050 - 0c 06 03 55 04 07 0c 05-54 65 6d 70 65 31 0c 30 ...U....Tempe1.0 0060 - 0a 06 03 55 04 0a 0c 03-41 53 55 31 0c 30 0a 06 ...U....ASU1.0.. 0070 - 03 55 04 0b 0c 03 57 65-62 31 12 30 10 06 03 55 .U....Web1.0...U 0080 - 04 03 0c 09 2a 2e 61 73-75 2e 65 64 75 31 21 30 ....*.asu.edu1!0 0090 - 1f 06 09 2a 86 48 86 f7-0d 01 09 01 16 12 77 65 ...*.H........we 00a0 - 62 73 79 73 74 65 6d 73-40 61 73 75 2e 65 64 75 bsystems@asu.edu 00b0 - 30 1e 17 0d 31 34 30 34-32 31 32 30 33 37 33 30 0...140421203730 00c0 - 5a 17 0d 31 39 30 34 32-30 32 30 33 37 33 30 5a Z..190420203730Z 00d0 - 30 7d 31 0b 30 09 06 03-55 04 06 13 02 55 53 31 0}1.0...U....US1 00e0 - 0b 30 09 06 03 55 04 08-0c 02 41 5a 31 0e 30 0c .0...U....AZ1.0. 00f0 - 06 03 55 04 07 0c 05 54-65 6d 70 65 31 0c 30 0a ..U....Tempe1.0. 0100 - 06 03 55 04 0a 0c 03 41-53 55 31 0c 30 0a 06 03 ..U....ASU1.0... 0110 - 55 04 0b 0c 03 57 65 62-31 12 30 10 06 03 55 04 U....Web1.0...U. 0120 - 03 0c 09 2a 2e 61 73 75-2e 65 64 75 31 21 30 1f ...*.asu.edu1!0. 0130 - 06 09 2a 86 48 86 f7 0d-01 09 01 16 12 77 65 62 ..*.H........some 0140 - 73 79 73 74 65 6d 73 40-61 73 75 2e 65 64 75 30 _addr@domain.tld0 0150 - 82 01 22 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01 .."0...*.H...... 0160 - 05 00 03 82 01 0f 00 30-82 01 0a 02 82 01 01 00 .......0........ 0170 - ef 2c 97 e3 d0 19 99 9f-ba 56 3d ae f3 33 f8 fb .,.......V=..3.. 0180 - 25 4c ac c0 84 1f 3c f9-5e bc 2e 58 10 d9 78 17 %L....<.^..X..x. 0190 - 07 88 1c 74 30 f6 99 91-60 6e 32 3a a4 a4 ac c6 ...t0...`n2:.... 01a0 - f7 87 fd f4 09 33 a1 ba-00 0f 2e 8f 73 4b cb 50 .....3......sK.P 01b0 - c1 ca 59 34 c2 b9 0c eb-e6 9f ba 70 da 95 09 d9 ..Y4.......p.... 01c0 - b9 2c a4 f0 87 95 95 f6-28 ef 4f 85 81 94 71 07 .,......(.O...q. 01d0 - 44 74 fd 24 9e f0 e8 5b-02 66 ed bc 81 d7 f6 26 Dt.$...[.f.....& 01e0 - aa 62 c2 7d e7 1d c4 14-e6 86 f6 8d db 71 4c d3 .b.}.........qL. 01f0 - f3 cf 1d 07 18 66 62 7c-e9 a0 2a 46 de f1 7a b7 .....fb|..*F..z. 0200 - 63 ae 7d e9 97 ee 0d 13-f9 b6 b9 06 a0 ce 0f 8d c.}............. 0210 - bf 2f 6e 5a b6 5b 0d f1-fa 5d a8 d9 8d 70 bd 45 ./nZ.[...]...p.E 0220 - ef 13 68 17 2e e5 8c 01-dd e8 82 7d c7 60 0b c5 ..h........}.`.. 0230 - e8 8a 41 4c 9c 87 94 d8-30 e4 93 fe 88 52 e3 76 ..AL....0....R.v 0240 - 3f 2b a1 d9 ef be 84 4b-7a 85 2f 8d 3e 0e 88 f3 ?+.....Kz./.>... 0250 - 64 e9 5e a1 e1 68 df e1-8e d7 42 2b b2 01 e3 6e d.^..h....B+...n 0260 - e0 30 49 e1 18 9e 99 9e-f1 d6 62 d3 1d 3c a7 75 .0I.......b..<.u 0270 - 02 03 01 00 01 a3 50 30-4e 30 1d 06 03 55 1d 0e ......P0N0...U.. 0280 - 04 16 04 14 24 d7 94 3d-12 9f e6 40 21 e3 9c 82 ....$..=...@!... 0290 - f2 57 22 98 54 08 96 45-30 1f 06 03 55 1d 23 04 .W".T..E0...U.#. 02a0 - 18 30 16 80 14 24 d7 94-3d 12 9f e6 40 21 e3 9c .0...$..=...@!.. 02b0 - 82 f2 57 22 98 54 08 96-45 30 0c 06 03 55 1d 13 ..W".T..E0...U.. 02c0 - 04 05 30 03 01 01 ff 30-0d 06 09 2a 86 48 86 f7 ..0....0...*.H.. 02d0 - 0d 01 01 05 05 00 03 82-01 01 00 7b e2 fb 6d 77 ...........{..mw 02e0 - b9 10 bf 8f bb 37 ef 3f-9c 15 2a 9c 87 62 58 2e .....7.?..*..bX. 02f0 - 33 f9 cf 1d 17 a5 03 78-6e 8c 97 36 d6 b5 4c 9d 3......xn..6..L. 0300 - 4e 0e ea 1d af d1 65 9a-8f 70 e4 00 4c 00 a3 52 N.....e..p..L..R 0310 - 70 63 26 ab 72 54 6a 2a-d0 f1 23 aa 4d cc 8c 31 pc&.rTj*..#.M..1 0320 - a1 da 25 c7 ba dc ef b4-7c 1d bd 54 ab 71 28 2f ..%.....|..T.q(/ 0330 - 8d e0 74 85 a2 52 c9 f3-63 a7 8b 83 5a 40 34 71 ..t..R..c...Z@4q 0340 - dd 1e 15 5a ad ca 39 33-65 95 a1 6d 49 b3 b8 1d ...Z..93e..mI... 0350 - 22 f5 f9 b9 ef fe 81 af-79 86 af 19 7b 5d 8c f3 ".......y...{].. 0360 - 59 b5 de a6 29 3a 0f c6-bd 98 e7 68 75 6c fe 28 Y...):.....hul.( 0370 - 2d 59 f9 4d d9 90 97 0b-e4 93 82 73 6d fd f9 c9 -Y.M.......sm... 0380 - f9 c4 45 41 e9 c6 a1 e5-40 12 4d d6 44 82 5b 14 ..EA....@.M.D.[. 0390 - cf 6e f3 3e 2b 7c 33 ee-35 a6 03 08 34 be 6d b0 .n.>+|3.5...4.m. 03a0 - b1 a0 3d cf 9b 0d 82 6d-bd 5b 0a 2b b9 3b 10 1c ..=....m.[.+.;.. 03b0 - bb 6d 5e ca 63 0a 52 8a-7b 4f ab b0 6d 07 f5 1e .m^.c.R.{O..m... 03c0 - 58 1d 11 31 f2 92 c3 53-2f 3f e6 41 fe 0d 9a e8 X..1...S/?.A.... 03d0 - 89 62 b2 a9 30 17 10 1b-3a ac 48 .b..0...:.H depth=0 C = US, ST = AZ, L = Tempe, O = ASU, OU = Web, CN = *.asu.edu, emailAddress = some_addr@domain.tld verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = AZ, L = Tempe, O = ASU, OU = Web, CN = *.asu.edu, emailAddress = some_addr@domain.tld verify return:1 read from 0x25f3010 [0x261f3a3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 04 ..... read from 0x25f3010 [0x261f3a8] (4 bytes => 4 (0x4)) 0000 - 0e . 0004 - <SPACES/NULS> write to 0x25f3010 [0x2629cd0] (267 bytes => 267 (0x10B)) 0000 - 16 03 03 01 06 10 00 01-02 01 00 61 be 7c 30 47 ...........a.|0G 0010 - 07 e9 e5 52 65 bd ae 5e-e7 12 d1 c1 c5 28 50 6a ...Re..^.....(Pj 0020 - 2e 63 45 b3 18 a8 fd 57-6f 5b 04 23 1e 8d 11 c9 .cE....Wo[.#.... 0030 - 31 93 eb c0 c3 2c 76 03-d9 93 85 37 47 9e ba aa 1....,v....7G... 0040 - de ed 34 14 95 55 a7 76-f2 68 30 e8 2b 23 27 fe ..4..U.v.h0.+#'. 0050 - e2 6b 04 f7 2d 9f 63 21-d0 69 a7 b5 cd 1f 6e a9 .k..-.c!.i....n. 0060 - 63 44 88 7d 1e 93 98 cf-68 ef 25 88 7b 61 53 f6 cD.}....h.%.{aS. 0070 - 4d 60 f9 31 be 0f aa 4f-5d cf 85 73 fe bf b0 a9 M`.1...O]..s.... 0080 - a0 86 cd 40 54 c6 88 5f-ac a8 17 66 fd 52 6d 4e ...@T.._...f.RmN 0090 - c6 9c ed 1a 6e 87 00 70-ff 00 4f 95 eb 65 2a 2e ....n..p..O..e*. 00a0 - c8 ba 56 85 ae db 07 9c-57 d0 56 a3 e1 38 db 91 ..V.....W.V..8.. 00b0 - a3 1f d4 a0 a0 c5 5a bd-9e 51 e7 ea f3 e5 53 13 ......Z..Q....S. 00c0 - 52 43 66 c1 5f 38 7d 12-50 8c fa d8 1b e5 19 54 RCf._8}.P......T 00d0 - f0 2f ca 53 b2 05 d3 fc-c9 60 5d 42 2b 80 ec 2c ./.S.....`]B+.., 00e0 - 3c 8d f0 90 dc b2 82 13-a5 09 5b 11 d1 14 b0 fd <.........[..... 00f0 - 2a 24 f7 f9 c9 68 35 42-aa ce ec a9 82 a6 18 35 *$...h5B.......5 0100 - 9b 5d 8d 95 e6 33 f8 63-95 31 a6 .]...3.c.1. write to 0x25f3010 [0x2629cd0] (6 bytes => 6 (0x6)) 0000 - 14 03 03 00 01 01 ...... write to 0x25f3010 [0x2629cd0] (45 bytes => 45 (0x2D)) 0000 - 16 03 03 00 28 44 56 fa-1b 30 04 19 17 92 1e 54 ....(DV..0.....T 0010 - 55 ba e7 01 e8 89 39 64-cd df 6c 23 6a 63 ae 60 U.....9d..l#jc.` 0020 - 0b 38 43 ee c8 3b 23 27-92 3f f9 85 27 .8C..;#'.?..' read from 0x25f3010 [0x261f3a3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 aa ..... read from 0x25f3010 [0x261f3a8] (170 bytes => 170 (0xAA)) 0000 - 04 00 00 a6 00 00 01 2c-00 a0 11 ff 89 fe 8e 98 .......,........ 0010 - e6 ec 69 91 e3 6b 5b 52-17 83 61 65 af 12 e9 07 ..i..k[R..ae.... 0020 - 2a db 2d f4 6d 5b 2a 12-ef 17 97 5d 44 4a c9 69 *.-.m[*....]DJ.i 0030 - ae 5f 2d 5c c4 c1 e1 7a-1b d5 be 10 9f 74 62 0e ._-\...z.....tb. 0040 - a9 5b d8 b9 47 d3 00 e8-c6 1b f8 f5 20 e0 2a 8c .[..G....... .*. 0050 - 95 73 16 de e7 07 a3 9b-0d 06 ad be 4a 83 b7 cb .s..........J... 0060 - 89 45 d9 a1 9a f7 16 1e-44 4b 61 5d 61 d2 00 b8 .E......DKa]a... 0070 - 5b f7 60 04 40 09 da a7-d9 62 9d 71 69 2d c4 51 [.`.@....b.qi-.Q 0080 - 44 34 c5 d4 17 79 c4 0a-02 ee b2 97 6a b3 79 dd D4...y......j.y. 0090 - 9a 5c 47 2f 9b 0d dd 62-0e fe 4c 4f b0 8c fb 8c .\G/...b..LO.... 00a0 - 0b b7 3c 53 8d 98 a2 cf-36 45 ..<S....6E read from 0x25f3010 [0x261f3a3] (5 bytes => 5 (0x5)) 0000 - 14 03 03 00 01 ..... read from 0x25f3010 [0x261f3a8] (1 bytes => 1 (0x1)) 0000 - 01 . read from 0x25f3010 [0x261f3a3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 28 ....( read from 0x25f3010 [0x261f3a8] (40 bytes => 40 (0x28)) 0000 - c5 a6 89 26 3b 2a 62 a7-2d b4 cd 54 2d 8e ad e2 ...&;*b.-..T-... 0010 - a5 81 37 10 d3 30 84 61-a5 b9 44 5b 1f c7 d2 62 ..7..0.a..D[...b 0020 - a6 d8 6e c6 93 3b 63 01- ..n..;c. --- Certificate chain 0 s:/C=US/ST=AZ/L=Tempe/O=ASU/OU=Web/CN=*.asu.edu/emailAddress=some_addr@domain.tld i:/C=US/ST=AZ/L=Tempe/O=ASU/OU=Web/CN=*.asu.edu/emailAddress=some_addr@domain.tld --- Server certificate -----BEGIN CERTIFICATE----- MIIDzTCCArWgAwIBAgIJAMFX1glTfe7AMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV BAYTAlVTMQswCQYDVQQIDAJBWjEOMAwGA1UEBwwFVGVtcGUxDDAKBgNVBAoMA0FT VTEMMAoGA1UECwwDV2ViMRIwEAYDVQQDDAkqLmFzdS5lZHUxITAfBgkqhkiG9w0B CQEWEndlYnN5c3RlbXNAYXN1LmVkdTAeFw0xNDA0MjEyMDM3MzBaFw0xOTA0MjAy MDM3MzBaMH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJBWjEOMAwGA1UEBwwFVGVt cGUxDDAKBgNVBAoMA0FTVTEMMAoGA1UECwwDV2ViMRIwEAYDVQQDDAkqLmFzdS5l ZHUxITAfBgkqhkiG9w0BCQEWEndlYnN5c3RlbXNAYXN1LmVkdTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAO8sl+PQGZmfulY9rvMz+PslTKzAhB88+V68 LlgQ2XgXB4gcdDD2mZFgbjI6pKSsxveH/fQJM6G6AA8uj3NLy1DBylk0wrkM6+af unDalQnZuSyk8IeVlfYo70+FgZRxB0R0/SSe8OhbAmbtvIHX9iaqYsJ95x3EFOaG 9o3bcUzT888dBxhmYnzpoCpG3vF6t2OufemX7g0T+ba5BqDOD42/L25atlsN8fpd qNmNcL1F7xNoFy7ljAHd6IJ9x2ALxeiKQUych5TYMOST/ohS43Y/K6HZ776ES3qF L40+DojzZOleoeFo3+GO10IrsgHjbuAwSeEYnpme8dZi0x08p3UCAwEAAaNQME4w HQYDVR0OBBYEFCTXlD0Sn+ZAIeOcgvJXIphUCJZFMB8GA1UdIwQYMBaAFCTXlD0S n+ZAIeOcgvJXIphUCJZFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB AHvi+213uRC/j7s37z+cFSqch2JYLjP5zx0XpQN4boyXNta1TJ1ODuodr9Flmo9w 5ABMAKNScGMmq3JUairQ8SOqTcyMMaHaJce63O+0fB29VKtxKC+N4HSFolLJ82On i4NaQDRx3R4VWq3KOTNllaFtSbO4HSL1+bnv/oGveYavGXtdjPNZtd6mKToPxr2Y 52h1bP4oLVn5TdmQlwvkk4Jzbf35yfnERUHpxqHlQBJN1kSCWxTPbvM+K3wz7jWm Awg0vm2wsaA9z5sNgm29WworuTsQHLttXspjClKKe0+rsG0H9R5YHREx8pLDUy8/ 5kH+DZroiWKyqTAXEBs6rEg= -----END CERTIFICATE----- subject=/C=US/ST=AZ/L=Tempe/O=ASU/OU=Web/CN=*.asu.edu/emailAddress=some_addr@domain.tld issuer=/C=US/ST=AZ/L=Tempe/O=ASU/OU=Web/CN=*.asu.edu/emailAddress=some_addr@domain.tld --- No client certificate CA names sent --- SSL handshake has read 1290 bytes and written 567 bytes --- New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES256-GCM-SHA384 Session-ID: 2B05BFFED5CE205266980B735837A7BFE85ECD67F0233FF4B3A2D7ED0342CF6E Session-ID-ctx: Master-Key: FD9DCCEBB2BFD2828491E048ECB9A5A795E7A0743D5205BC8E7BE7FA6041A719D52BAE38645F4AA90AFCAF6190C679AA Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 11 ff 89 fe 8e 98 e6 ec-69 91 e3 6b 5b 52 17 83 ........i..k[R.. 0010 - 61 65 af 12 e9 07 2a db-2d f4 6d 5b 2a 12 ef 17 ae....*.-.m[*... 0020 - 97 5d 44 4a c9 69 ae 5f-2d 5c c4 c1 e1 7a 1b d5 .]DJ.i._-\...z.. 0030 - be 10 9f 74 62 0e a9 5b-d8 b9 47 d3 00 e8 c6 1b ...tb..[..G..... 0040 - f8 f5 20 e0 2a 8c 95 73-16 de e7 07 a3 9b 0d 06 .. .*..s........ 0050 - ad be 4a 83 b7 cb 89 45-d9 a1 9a f7 16 1e 44 4b ..J....E......DK 0060 - 61 5d 61 d2 00 b8 5b f7-60 04 40 09 da a7 d9 62 a]a...[.`.@....b 0070 - 9d 71 69 2d c4 51 44 34-c5 d4 17 79 c4 0a 02 ee .qi-.QD4...y.... 0080 - b2 97 6a b3 79 dd 9a 5c-47 2f 9b 0d dd 62 0e fe ..j.y..\G/...b.. 0090 - 4c 4f b0 8c fb 8c 0b b7-3c 53 8d 98 a2 cf 36 45 LO......<S....6E Start Time: 1416409920 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- write to 0x25f3010 [0x26238f3] (30 bytes => 30 (0x1E)) 0000 - 17 03 03 00 19 44 56 fa-1b 30 04 19 18 c0 db 77 .....DV..0.....w 0010 - 50 74 14 e8 f5 5b 8c 67-53 21 31 d3 af 1b Pt...[.gS!1... read from 0x25f3010 [0x261f3a3] (5 bytes => 5 (0x5)) 0000 - 17 03 03 01 61 ....a read from 0x25f3010 [0x261f3a8] (353 bytes => 353 (0x161)) 0000 - c5 a6 89 26 3b 2a 62 a8-bc ff 06 bf 71 63 c4 c2 ...&;*b.....qc.. 0010 - 26 60 e1 8e c5 ab a0 bf-e9 e8 63 21 a3 4c 3e 14 &`........c!.L>. 0020 - 7a 64 83 64 ee be d0 89-04 42 07 de bb 18 08 e8 zd.d.....B...... 0030 - c0 cf 8d 6c 27 2c 2c 6e-43 1d b0 92 75 0c 8f 03 ...l',,nC...u... 0040 - 8b f2 7f c1 70 f2 cc 63-f0 3f 5c f0 ca 2d 51 31 ....p..c.?\..-Q1 0050 - b4 3a 5e 89 71 13 2a af-18 a4 d3 09 cf f2 68 8f .:^.q.*.......h. 0060 - 79 9d 3a 09 d0 62 75 ff-4c 11 7b 64 2b 1a 33 5c y.:..bu.L.{d+.3\ 0070 - 7a fc af 52 bb 7e 6d d2-cd 90 97 bc 2c 45 3b da z..R.~m.....,E;. 0080 - 0b ae 59 16 25 64 25 6e-39 68 cf 7f 02 44 19 17 ..Y.%d%n9h...D.. 0090 - ed a0 f8 02 97 f9 0a a9-2b 0e 43 ee a2 39 e5 57 ........+.C..9.W 00a0 - f0 54 05 6b 55 24 b8 d5-a7 da c6 ac ba 63 2a 7c .T.kU$.......c*| 00b0 - 64 97 f3 83 94 a5 f6 aa-6f fb c5 c5 f8 92 ac 23 d.......o......# 00c0 - 83 11 08 88 3f 00 7f ae-37 5a ae 89 09 af 4e 92 ....?...7Z....N. 00d0 - 2a 0f a9 46 84 8e 07 34-07 97 72 d6 84 0b 37 d2 *..F...4..r...7. 00e0 - 97 f1 73 1a f7 cb 32 6f-2c f7 7f dc ad f6 d1 66 ..s...2o,......f 00f0 - d6 31 07 19 c6 77 00 28-61 8c 7d 13 fb c4 8a 8d .1...w.(a.}..... 0100 - 28 b9 05 6f 0a 20 06 d8-5b d4 81 23 7e 8a 6d 44 (..o. ..[..#~.mD 0110 - 75 94 20 81 97 7c ca 36-bc b4 a9 e9 ce d5 9e 5e u. ..|.6.......^ 0120 - 37 8a 0e 8f 32 16 ca 16-9b 39 2c d8 79 42 9f 2f 7...2....9,.yB./ 0130 - bf c9 14 3f 2c c9 b1 b7-6c ae dd 96 3e 56 31 f4 ...?,...l...>V1. 0140 - e4 c8 41 29 ce cf 99 88-f5 c3 07 68 8f d8 be 36 ..A).......h...6 0150 - 9c 67 d3 ad 51 3f ef bb-a1 91 7d da 38 38 33 b9 .g..Q?....}.883. 0160 - c8 . HTTP/1.0 400 Bad Request Date: Wed, 19 Nov 2014 15:12:16 GMT Server: monit 5.10 Content-Type: text/html Connection: close <html><head><title>Bad Request</title></head><body bgcolor=#FFFFFF><h2>Bad Request</h2>Cannot parse request<p><hr><a href='http://mmonit.com/monit/'><font size=-1>monit 5.10</font></a></body></html> read from 0x25f3010 [0x261f3a3] (5 bytes => 0 (0x0)) read:errno=0 write to 0x25f3010 [0x26238f3] (31 bytes => 31 (0x1F)) 0000 - 15 03 03 00 1a 44 56 fa-1b 30 04 19 19 ee 4d d9 .....DV..0....M. 0010 - f4 e8 53 98 10 ce b4 13-05 aa c1 41 a9 49 5d ..S........A.I] -
repo owner
Thanks for data. It seems that s_client was able to connect to Monit HTTP interface via SSL => the problem may be related to Monit CLI only.
I'm unable to replicate the issue (on CentOS 6.6), compiled from source and also using pre-compiled monit-5.10-linux-x64.tar.gz binary.
Additional questions:
1.) please can you post your "set httpd" statement? (obfuscate any "allow" option values)
2.) is it possible to connect to Monit using web browser?
3.) is it possible to do some service action from M/Monit status details of the given host? (for example try to mark one service and press "unmonitor" button)
4.) where from the binary is? (compiled from source or pre-compiled)?
5.) please can you provide output of "ldd <path>/monit" ?
-
Account Deleted reporter
No problem. Here are the answers below:
1) monitrc:
#! set httpd port 2812 SSL ENABLE # enable SSL PEMFILE /usr/local/monit/conf/monit.pem # Self signed monit cert ALLOWSELFCERTIFICATION # allow localhost # allow localhost to connect to the server allow xxx.xxx.xxx.xxxx # allow user:password # require user 'user' with password 'password' allow @group # allow users of group 'group' to connect (rw) allow @users readonly # allow users of group 'users' to connect readonly2) No
3) I can monitor/unmonitor from the CLI and from M/Monit 3.3 as well.
4) I compile the binaries:
#! ./configure --prefix=/usr/local/monit --sysconfdir=/usr/local/monit/conf5)
#! [root@mmonit conf]# ldd /usr/local/monit/bin/monit linux-vdso.so.1 => (0x00007fffaba3d000) libpam.so.0 => /lib64/libpam.so.0 (0x00007f3572e2e000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3572c11000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f35729d9000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f35727bf000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f35725a6000) libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f3572339000) libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f3571f56000) libc.so.6 => /lib64/libc.so.6 (0x00007f3571bc2000) libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f357199e000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f357179a000) /lib64/ld-linux-x86-64.so.2 (0x00007f3573047000) libfreebl3.so => /lib64/libfreebl3.so (0x00007f3571521000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f35712dc000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f3570ff6000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f3570df2000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f3570bc5000) libz.so.1 => /lib64/libz.so.1 (0x00007f35709af000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f35707a4000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f35705a0000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f3570381000) -
repo owner
Thanks for data. I'm still not able to reproduce the issue.
The problem is really strange, as the s_client connection succeeded and as you mentioned, the unmonitor/monit works from both M/Monit and Monit CLI. The Monit's CLI "monit summary" performs the connection exactly the same way as the unmonitor/monitor does (shares the same code), so if one works, the other should work too.
Maybe the error from the monit log was old and not related to this timeout: "Cannot initialize SSL server certificate handler -- error:140A90A1:SSL routines:func(169):reason(161)"
Does the "monit summary" still have problem with SSL timeout?
-
Account Deleted reporter
Thanks for looking into this. I added a couple of CPU's the mmonit box last night and rebooted it. When it came back up, it still had the same issues. I recompiled it and the agent is working as intended now. I have no idea what the issue was at this point.
#! [root@mmonit bin]# ./monit summary The Monit daemon 5.10 uptime: 2m Program 'top_procs' Status ok Filesystem 'rootfs' Accessible Filesystem 'boot' Accessible Process 'sshd' Running System 'host.domain.tld' Running Process 'mysql' Running Program 'mailq' Status ok File 'mailq-sub' Accessible -
Account Deleted reporter
- changed status to resolved
After rebooting the box and recompiling the agent, it is working correctly now.
- Log in to comment
Please double check that you did not install or have an old Monit version running. (monit --version or monit -V). This looks like an old error which was fixed back in January.
Monit 5.10 disabled SSLv3, which is no longer secure - only TLSv1+ methods are supported. What does 'openssl s_client -debug -connect 127.0.0.1:2812' say?