SSL Certificate Sensor BETA - SNI Format

Votes:

0


Using the new "SSL Certificate Sensor BETA" sensor in version 15.3.19.3972, we're having trouble replacing the superseded "HTTP SSL Certificate Expiry sensor". I'm assuming the problem is the format of the SNI, as previously we could just use the URL (like https://kb.paessler.com).

Now, regardless of whether you use the full URL or just the domain in the "Virtual Host (SNI Domain)" field, the new "SSL Certificate Sensor BETA" is returning the following error:

Failed to establish secure connection [Step 0] Socket Error # 10054 Connection reset by peer. [Step 1] Socket Error # 10054 Connection reset by peer. [Step 2] Socket Error # 10054 Connection reset by peer. [Step 3] Socket Error # 10054 Connection reset by peer. [Step 4] Socket Error # 10054 Connection reset by peer.

The server we are querying has multiple SSL certificates, but each certificate is on its own IP address and therefore doesn't use SNI. Is this why the error is occurring, because we aren't using SNI?

sensor sni ssl

Created on Sep 14, 2015 6:25:42 PM by  stanmat (129) 3 1



5 Replies

Accepted Answer

Votes:

1


Hi there,

You will need to leave the SNI field empty and create a device for each IP address you want to monitor. Afterwards, you can create a Certificate Expiry Sensor on each device.

Best regards, Felix

Created on Sep 15, 2015 7:16:15 AM by  Felix Saure [Paessler Support]



Votes:

0


Thanks. That isn't ideal for the sake of keeping an organized hierarchy, but we'll deal with it.

Created on Sep 16, 2015 1:27:01 PM by  stanmat (129) 3 1



Votes:

0


Hi Stan,

I see your point in regards to the hierarchy of the device tree. Maybe using Libraries might be an alternative to group those sensors.

Best regards, Felix

Created on Sep 17, 2015 6:35:15 AM by  Felix Saure [Paessler Support]



Votes:

0


I ran into the same issue. Once I used the IP address of the webserver, then customised the SNI of the certificate sensor to the URL, all was good, but I do think it's crazy that it doesn't work from the DNS lookup, rather than the hard IP, as they are the same thing.

Created on Sep 23, 2015 3:23:29 PM by  James Tenniswood (0) 1



Votes:

0


I just tested the sensor with the FQDN in the settings of the parent device and it appears to work. Can you check if the DNS name can be resolved on the Probe Host?

Created on Sep 24, 2015 7:22:55 AM by  Felix Saure [Paessler Support]
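The two setups discussed in this thread (SNI left empty on a per-IP device, and an IP address with the SNI set to the site's name) can be checked from the probe host with a short script. This is an added example, not part of the original thread and not PRTG's own code; the function names, the address 192.0.2.10 and the name www.example.com are placeholders chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def days_left(not_after, now=None):
    """Whole days until notAfter (string format as returned by getpeercert())."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days


def make_context(sni):
    """Chain and validity dates are always verified; the name only if SNI is set."""
    ctx = ssl.create_default_context()
    # With an empty SNI field there is no name to match the certificate against.
    ctx.check_hostname = sni is not None
    return ctx


def probe(address, sni=None, port=443, timeout=5.0):
    """Handshake with `address`, sending `sni` if given; return an outcome dict."""
    result = {"address": address, "sni": sni}
    try:
        with socket.create_connection((address, port), timeout=timeout) as sock:
            with make_context(sni).wrap_socket(sock, server_hostname=sni) as tls:
                cert = tls.getpeercert()
        result.update(ok=True, not_after=cert["notAfter"],
                      days_left=days_left(cert["notAfter"]))
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted or mismatched certificates end up here.
        result.update(ok=False, error="certificate rejected: " + exc.verify_message)
    except OSError as exc:
        # DNS failures, timeouts and resets (e.g. socket error 10054) end up here.
        result.update(ok=False, error=f"{type(exc).__name__}: {exc}")
    return result


if __name__ == "__main__":
    ADDRESS = "192.0.2.10"       # placeholder: one IP address of the web server
    SITE = "www.example.com"     # placeholder: name of the site on that address
    for sni in (None, SITE):     # empty SNI field first, then SNI set to the site
        print(probe(ADDRESS, sni=sni))
```

Run it on the probe host itself, since name resolution and reachability are evaluated from there.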


