Werk #13899: Notification spooler: Support for TLS authentication
Komponente | Notifications |
Titel | Notification spooler: Support for TLS authentication |
Datum | 14.04.2022 |
Checkmk Edition | Checkmk Enterprise (CEE) |
Checkmk-Version | 2.1.0b9 2.2.0b1 |
Level | Kleine Änderung |
Klasse | Sicherheitsfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
Previously mknotifyd did not authenticate peers. With this Werk mknotifyd can be configured to require TLS client certificate authentication. This is only available if encryption for mknotifyd is configured. In order to verify the peers correctly the corresponding site CAs must be trusted. This is usually the case if you enabled the configuration sync and enabled the encryption of livestatus. If you have another setup make sure both all Site CAs are trusted on each site.