check_http fails on Cisco ASA
Frank Bulk
frnkblk at iname.com
Fri Feb 1 05:35:32 CET 2013
Does anyone have check_http working against the SSL VPN GUI interface of a
Cisco ASA?
Whenever I check it always closes, but wget and curl work fine:
=====================================================
nagios:/usr/lib/nagios/plugins# ./check_http -H <ip> -S -v
GET / HTTP/1.1
User-Agent: check_http/v1.4.15 (nagios-plugins 1.4.15)
Connection: close
Host: <ip>
CRITICAL - Socket timeout after 10 seconds
nagios:/usr/lib/nagios/plugins#
=====================================================
nagios:/usr/lib/nagios/plugins# wget https://<ip> --no-check-certificate
--2013-01-31 22:31:39-- https://<ip>/
Connecting to <ip>:443... connected.
WARNING: cannot verify <ip>âs certificate, issued by
â/CN=<host>/unstructuredName=<host>â
Self-signed certificate encountered.
WARNING: certificate common name â<host>â<ip>â
HTTP request sent, awaiting response... 302 Object Moved
Location: /+CSCOE+/logon.html [following]
--2013-01-31 22:31:39-- https://<ip>/+CSCOE+/logon.html
Connecting to <ip>:443... connected.
WARNING: cannot verify <ip>âs certificate, issued by
â/CN=<host>/unstructuredName=<host>â
Self-signed certificate encountered.
WARNING: certificate common name â<host>â<ip>â
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: âindex.htmlâ
[ <=>
] 4,514 --.-K/s in 0.03s
2013-01-31 22:31:39 (158 KB/s) - âindex.htmlâ
nagios:/usr/lib/nagios/plugins#
=====================================================
nagios:/usr/lib/nagios/plugins# curl https://<ip> --insecure -v
* About to connect() to <ip> port 443 (#0)
* Trying <ip>... connected
* Connected to <ip> (<ip>) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: CN=<host>; unstructuredName=<host>
* start date: 2010-02-03 00:10:30 GMT
* expire date: 2020-02-01 00:10:30 GMT
* common name: <host> (does not match '<ip>')
* issuer: CN=<host>; unstructuredName=<host>
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0
OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.5
> Host: <ip>
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Object Moved
< Server: Cisco AWARE 2.0
<
Fri, 01 Feb 2013 04:07:54 GMT
< Location: /+CSCOE+/logon.html
< Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Cache-Control: no-cache
< Pragma: no-cache
* HTTP/1.0 connection set to keep alive!
< Connection: Keep-Alive
< Date:
* Connection #0 to host <ip> left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
nagios:/usr/lib/nagios/plugins#
=====================================================
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list