SSL Certificate check fails on wildcard certificate


Posted

We are trying to set up SSL certificate monitoring, and it's working fine for our standard certificates, e.g. test.company.com and prod.company.com. When viewing the certificates in the app we get the number of days left before expiration. So far so good.

 

However, as soon as we add our wildcard certificate, *.company.com, to the configuration, the "Certificates" page for the server in the app just shows "Loading monitored certificates...", eventually yielding "Data not available."

 

As soon as the wildcard certificate is removed from the config, we can view the others just fine.

  • Staff
Posted

Hi,

 

Welcome to the Pulseway community. Please PM me the hostname and port of the service that uses the wildcard certificate (if it's in the DMZ) and we will investigate the issue.

 

Regards,

Chris

Pulseway Support

  • 3 weeks later...
Posted

What server address are you entering when adding the certificate entry in Pulseway Manager?

Can you please email our support with the details?

  • 2 weeks later...
Posted

Hi Marius

The error is present on a Linux agent, running on Ubuntu Server 14.04.

Prompted by your question I just tried setting up a Windows agent on a desktop machine and adding cert monitoring - on Windows the wildcard certificate monitoring works fine!

/Jakob

  • 2 weeks later...
Posted

I too have experienced this (or a similar) issue, but with SAN type of certificates.

Given a SAN certificate with the following hostnames (in this order):

*.domain1.com
*.domain2.com

And a certificate monitor setup for foo.domain2.com - I indeed see the number of days until expiry, but a result that says something like "certificate cannot be verified".

If I change the monitor to check for something like foo.domain1.com (the first domain on the cert) - everything goes green and works as expected. I'm guessing that it only works properly when verifying the first hostname on the certificate or something?

For reference, I'm running on Windows 2008R2 (with the latest version of the Pulseway agent).

Hope this helps -- let me know if I can provide any further details!
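
Added example, not part of the thread and not Pulseway's code: hostname verification should test the monitored name against every DNS entry in the certificate's SAN list, with `*` covering exactly one left-most label. The sketch below sets that check beside a hypothetical first-entry-only check, which would produce the symptom described in the post above; the thread does not confirm that this is the actual cause, and the function names and SAN list are constructed for illustration.

```python
# Added example: SAN hostname matching. Names are constructed from the post above.

def label_match(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname, RFC 6125 style:
    a '*' is accepted only as the entire left-most label and covers
    exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def matches_any_san(san_dns_names, hostname):
    """Correct check: the hostname may match any entry, in any position."""
    return any(label_match(name, hostname) for name in san_dns_names)


def matches_first_san_only(san_dns_names, hostname):
    """Hypothetical faulty check that only looks at the first entry."""
    return bool(san_dns_names) and label_match(san_dns_names[0], hostname)


# Constructed SAN list, in the order given in the post.
SAN = ["*.domain1.com", "*.domain2.com"]

if __name__ == "__main__":
    for host in ("foo.domain1.com", "foo.domain2.com",
                 "a.b.domain2.com", "domain2.com"):
        print(host, matches_any_san(SAN, host),
              matches_first_san_only(SAN, host))
```

Note that neither `a.b.domain2.com` nor the bare `domain2.com` is covered by `*.domain2.com`, so a monitor pointed at either name should report a mismatch even with a correct verifier.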

 

Posted

Could you please email our support with the real hostnames so we can try to reproduce? 

Thank you.

Thank you Jakob,

we have added this issue to be fixed for the next agent release.

Posted

Marius,

I've emailed in exact repro details to support.

We have received the email and managed to reproduce the issue. A fix will be included in the next release.

Thank you for your help!

Marius
