
SSL Certificate check fails on wildcard certificate


JHP


We are trying to set up SSL certificate monitoring, and it's working fine for our standard certificates, e.g. test.company.com and prod.company.com. When viewing the certificates in the app we get the number of days left before expiration. So far so good.

 

However, as soon as we add our wildcard certificate, *.company.com, to the configuration, the "Certificates" page for the server in the app just shows "Loading monitored certificates...", eventually yielding "Data not available."

 

As soon as the wildcard certificate is removed from the config, we can view the others just fine.


  • Staff

Hi,

 

Welcome to the Pulseway community. Please PM me the hostname and port of the service that uses the wildcard certificate (if it's in the DMZ) and we will investigate the issue.

 

Regards,

Chris

Pulseway Support


  • 3 weeks later...
  • 2 weeks later...

Hi Marius

The error is present on a Linux agent, running on Ubuntu Server 14.04.

Prompted by your question I just tried setting up a Windows agent on a desktop machine and adding cert monitoring - on Windows the wildcard certificate monitoring works fine!

/Jakob


  • 2 weeks later...

I too have experienced this (or a similar) issue, but with SAN type of certificates.

Given a SAN certificate with the following hostnames (in this order):

*.domain1.com
*.domain2.com

And a certificate monitor setup for foo.domain2.com - I indeed see the number of days until expiry, but a result that says something like "certificate cannot be verified".

If I change the monitor to check for something like foo.domain1.com (the first domain on the cert) - everything goes green and works as expected. I'm guessing that it only works properly when verifying the first hostname on the certificate or something?

For reference, I'm running on Windows 2008R2 (with the latest version of the Pulseway agent).

Hope this helps -- let me know if I can provide any further details!

 

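Added example, not part of the thread and not Pulseway's code: a hostname check that consults every dNSName entry in a certificate's SAN list under the RFC 6125 wildcard rules, next to a hypothetical first-entry-only check of the kind the post above guesses at. The function names are assumptions, and SAN_LIST is constructed from the placeholder names in that post.

```python
# Added example: hostname verification against all SAN dNSName entries.
# SAN_LIST is constructed sample data (placeholder names from the post).

SAN_LIST = ["*.domain1.com", "*.domain2.com"]


def label_match(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname, case-insensitively.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.domain1.com' matches 'foo.domain1.com' but
    neither 'domain1.com' nor 'a.b.domain1.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard, so '*.com' is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as 'f*o.domain1.com' are rejected outright.
    return "*" not in pattern and p == h


def verify_all_entries(san, hostname):
    """Expected behaviour: valid if ANY SAN entry matches the hostname."""
    return any(label_match(entry, hostname) for entry in san)


def verify_first_entry_only(san, hostname):
    """Hypothetical faulty check: only the first SAN entry is consulted."""
    return bool(san) and label_match(san[0], hostname)


if __name__ == "__main__":
    print("host                first-only  all-entries")
    for host in ("foo.domain1.com", "foo.domain2.com", "domain2.com"):
        print(f"{host:<20}{verify_first_entry_only(SAN_LIST, host)!s:<12}"
              f"{verify_all_entries(SAN_LIST, host)}")
```

The same matcher shows why a monitor pointed at the bare domain fails against a wildcard-only certificate: *.company.com does not cover company.com itself.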

  • Administrators

Could you please email our support with the real hostnames so we can try to reproduce? 

Thank you.

Thank you Jakob,

we have added this issue to be fixed for the next agent release.
