Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 8588 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Monitoring SSL certificate lifetime with nagios/icinga

kerobra

We used to monitor the remaining lifetime of (public) ssl certificates running on the user portal with icinga (1). For that we used the "check_ssl" command with the parameter of tcp-port and the publically reachable dns address, e.g. "check_http --ssl=1.2+ -p 8443 -C 16 -H userportal.domain.tld", which worked fine up to 9.355.


Since 9.4x came out the check isn't working anymore and the status in icinga returns "CRITICAL - Cannot make SSL connection". I've allready tried changing the ssl-version (which was only --ssl before) to TLS1.2, but the problem still exists.


Has anyone a solution for this or the same error since 9.4x? I've tried to contact our Sophos Support Partner, but they didn't knew any changes in 9.4 that could raise the problem.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    How does the monitoring tool work with Sophos UTM, to check the lifetime of certificates? Does the tool make a connection through Sophos UTM to reach the internet? 

    Did you find anything suspicious after checking the Intrusion Prevention, Application Control and Firewall logs? If 'Advanced Threat Protection' on the Dashboard is not zero, check that log also.?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    Hi,

    How does the monitoring tool work with Sophos UTM, to check the lifetime of certificates? Does the tool make a connection through Sophos UTM to reach the internet? 

    Did you find anything suspicious after checking the Intrusion Prevention, Application Control and Firewall logs? If 'Advanced Threat Protection' on the Dashboard is not zero, check that log also.?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
  • 0 in reply to sachingurung

    Hi Sachin,

    I don't really have deep knowledge of icinga but I guess it opens a https session to the destination site and checks the given certificate for its lifetime.

    The connection runs through a Sophos UTM (ours - working as a transparent proxy without ssl scanning), then via Internet to the FQDN of the destination UTM. I can not see the connections in the firewall of the target UTM, but I think that is normal behaviour. I can prove that it is open since firefox has no problem opening the user portal. In certificate details I can see that the connection is encrypted (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128bit key, TLS 1.2).

    IPS is active on the UTM but it doesn't show any log entries for the checks, ATP is also empty.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

Unfiltered HTML