1

I would like to setup monitoring of our Springboot application. We already have jolokia included in. I'm not able to connect to jolokia endpoint though due to ssl certificate validation failure.

GET https://localhost:9090/jolokia/search/*%3Aj2eeType%3DJ2EEServer%2C*

===========================================================
500 Can't connect to localhost:9090 (certificate verify failed)
Content-Type: text/plain
Client-Date: Mon, 07 Dec 2020 13:12:16 GMT
Client-Warning: Internal response

Can't connect to localhost:9090 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/lib/perl5/vendor_perl/5.26.1/LWP/Protocol/http.pm line 50.

Thank you, Radovan

Radovan Bičiště
  • 58
  • 4
  • It could be achieved by setting option as described here https://stackoverflow.com/questions/6795030/how-to-ignore-certificate-verify-failed-error-in-perl . Just do not know how to pass through. – Radovan Bičiště Dec 07 '20 at 13:28

1 Answers1

0

You might want to try setting this environment variable:

PERL_LWP_SSL_VERIFY_HOSTNAME=0

You don't give an example of what your check command looks like, but as a general example you should be able to squeeze in environment variables at the start of it:

define command {
   command_name foo
   command_line PERL_LWP_SSL_VERIFY_HOSTNAME=0 /plugins/my_plugin.pl (...)
}

This is one way of setting the variable at run time, you can of course set it in other ways, such as in a systemd service file, but I think this is the easiest and surest way to get it to apply.

pzkpfw
  • 565
  • 3
  • 21
  • It did not fix the issue. :( I'm testing locally: `> jmx4perl https://localhost:9090/jolokia --verbose --user admin --password ... GET https://localhost:9090/jolokia/search/*%3Aj2eeType%3DJ2EEServer%2C* Can't connect to localhost:9090 (certificate verify failed) SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/lib/perl5/vendor_perl/5.26.1/LWP/Protocol/http.pm line 50. 500 Can't connect to localhost:9090 (certificate verify failed)` – Radovan Bičiště Dec 09 '20 at 12:38
  • You need to supply more information. What is your check command like? What is Nagios configured to do? – pzkpfw Dec 09 '20 at 12:57
  • Currently I'm only testing and running the command from the shell not inside the nagios. – Radovan Bičiště Dec 09 '20 at 13:34
  • The output you provided doesn't show that you set the `PERL_LWP_SSL_VERIFY_HOSTNAME` env variable, did you? – pzkpfw Dec 16 '20 at 12:50