Dave Ford
2018-10-23 13:22:48 UTC
I'm trying to get jolokia monitoring working with Check-MK but am
failing to get it working over a https connection.
I'm using the newest jolokia wars that require authentication, and
while this is working fine over http, I cannot get mk_jolokia to work
using https.
I suspect the problem I'm having is not being able to specify the
cert_path correctly.
The server has been configured with a certficiate from Let'sEncrypt and
is trusted when I use curl.
However, if I specify the fullchain.pem file containing the certificate
and it's full chain, I get:
ERROR: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:590)>
My /etc/check_mk/jolokia.cfg contains
suburi = "jolokia"
port=8083
server = "myserver.host.name"
user = "jolokia"
password = "myjolokiapassword"
mode = "digest"
protocol = "https"
cert_path = "/etc/letsencrypt/live/myserver.host.name/fullchain.pem"
I'm running this on a box with tomcat 8.5, jolokia 1.6 and python
2.17.12
Check_mk works if I used http connections - so otherwise my tomcat
setup us fine. But I'd much prefer to use a https connection for
jolokia so I can remove the http connector in tomcat completely.
Dave
failing to get it working over a https connection.
I'm using the newest jolokia wars that require authentication, and
while this is working fine over http, I cannot get mk_jolokia to work
using https.
I suspect the problem I'm having is not being able to specify the
cert_path correctly.
The server has been configured with a certficiate from Let'sEncrypt and
is trusted when I use curl.
However, if I specify the fullchain.pem file containing the certificate
and it's full chain, I get:
ERROR: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:590)>
My /etc/check_mk/jolokia.cfg contains
suburi = "jolokia"
port=8083
server = "myserver.host.name"
user = "jolokia"
password = "myjolokiapassword"
mode = "digest"
protocol = "https"
cert_path = "/etc/letsencrypt/live/myserver.host.name/fullchain.pem"
I'm running this on a box with tomcat 8.5, jolokia 1.6 and python
2.17.12
Check_mk works if I used http connections - so otherwise my tomcat
setup us fine. But I'd much prefer to use a https connection for
jolokia so I can remove the http connector in tomcat completely.
Dave