Hi. I've had trouble in the past trying to find a value for certmd5
that would be accepted by Monit. No matter what I tried, I always
received an error stating that the hash was invalid.
My process for finding the certmd5 value is as follows:
openssl s_client -connect server:port
Copy the certificate
openssl x509 -noout -fingerprint -md5
Paste the certificate
Strip out the `:' and paste in to monitrc.
Unfortunately, the hash generated by openssl is not accepted by Monit.
That is to say, it is syntactically valid, but the hash is reported as
being incorrect. I took a look at the code to try and see what was
wrong. I've rewritten a small part of ssl.c to fix the problem. A diff
against r351 is attached. This is just a hack to get it working and is
by no means intended to be included as-is in the trunk.