If you enable SSL verification for your web checks, your check may show as down with the following error:
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
This means that the certificate chaining is invalid. It may show correctly in your browser and for many of your users but on a strict test, the certificate doesn't correctly validate using the operating system provided root certificates.
We use the certificates provided by Ubuntu Linux (the OS our monitoring nodes run) and if your certificate chain is non-standard, we'll show this error.
The usual way to solve this is to check with your SSL certificate issuer and ask them for their Intermediate Certificate. You then need to chain this in your own SSL certificate to provide it to systems where the root certificates do not have it preinstalled. Your SSL certificate issuer should provide you with instructions for doing this.
Correctly chaining all your certificates means all users will be able to visit your URL without any warnings or errors.
You can perform an independent SSL check using the Qualys Labs SSL Checker.
Comments