check_http fails on Cisco ASA

Travis Runyard travisrunyard at gmail.com
Fri Feb 1 06:07:14 CET 2013


Have you tried check_http -I <ip> -S
The -H is for hostnames


On Thu, Jan 31, 2013 at 8:35 PM, Frank Bulk <frnkblk at iname.com> wrote:

> Does anyone have check_http working against the SSL VPN GUI interface of a
> Cisco ASA?
>
> Whenever I check it always closes, but wget and curl work fine:
> =====================================================
> nagios:/usr/lib/nagios/plugins# ./check_http -H <ip> -S -v
> GET / HTTP/1.1
> User-Agent: check_http/v1.4.15 (nagios-plugins 1.4.15)
> Connection: close
> Host: <ip>
>
>
> CRITICAL - Socket timeout after 10 seconds
> nagios:/usr/lib/nagios/plugins#
> =====================================================
> nagios:/usr/lib/nagios/plugins# wget https://<ip> --no-check-certificate
> --2013-01-31 22:31:39--  https://<ip>/
> Connecting to <ip>:443... connected.
> WARNING: cannot verify <ip>âs certificate, issued by
> â/CN=<host>/unstructuredName=<host>â
>
> Self-signed certificate encountered.
> WARNING: certificate common name â<host>â<ip>â
>
> HTTP request sent, awaiting response... 302 Object Moved
> Location: /+CSCOE+/logon.html [following]
> --2013-01-31 22:31:39--  https://<ip>/+CSCOE+/logon.html
> Connecting to <ip>:443... connected.
> WARNING: cannot verify <ip>âs certificate, issued by
> â/CN=<host>/unstructuredName=<host>â
>
> Self-signed certificate encountered.
> WARNING: certificate common name â<host>â<ip>â
>
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: âindex.htmlâ
>
>     [ <=>
> ] 4,514       --.-K/s   in 0.03s
>
> 2013-01-31 22:31:39 (158 KB/s) - âindex.htmlâ
>
> nagios:/usr/lib/nagios/plugins#
> =====================================================
> nagios:/usr/lib/nagios/plugins# curl https://<ip> --insecure -v
> * About to connect() to <ip> port 443 (#0)
> *   Trying <ip>... connected
> * Connected to <ip> (<ip>) port 443 (#0)
> * successfully set certificate verify locations:
> *   CAfile: none
>   CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using RC4-SHA
> * Server certificate:
> *        subject: CN=<host>; unstructuredName=<host>
> *        start date: 2010-02-03 00:10:30 GMT
> *        expire date: 2020-02-01 00:10:30 GMT
> *        common name: <host> (does not match '<ip>')
> *        issuer: CN=<host>; unstructuredName=<host>
> *        SSL certificate verify result: self signed certificate (18),
> continuing anyway.
> > GET / HTTP/1.1
> > User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0
> OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.5
> > Host: <ip>
> > Accept: */*
> >
> * HTTP 1.0, assume close after body
> < HTTP/1.0 302 Object Moved
> < Server: Cisco AWARE 2.0
> <
> Fri, 01 Feb 2013 04:07:54 GMT
> < Location: /+CSCOE+/logon.html
> < Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/
> < Content-Type: text/html; charset=UTF-8
> < Transfer-Encoding: chunked
> < Cache-Control: no-cache
> < Pragma: no-cache
> * HTTP/1.0 connection set to keep alive!
> < Connection: Keep-Alive
> < Date:
>
> * Connection #0 to host <ip> left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
> nagios:/usr/lib/nagios/plugins#
> =====================================================
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_jan
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20130131/94e1f14a/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list