Download

Ep. 47: Securing the Checkmk web interface with HTTPS

[0:00:00] Hello my name is Bastian Kuhn and today I'm gonna show you how to secure your Checkmk web interface (with HTTPS).
[0:00:18] For that, we're gonna need a certificate. I'm going to show you how to create it, how to create a private key, how to create a signing request for this certificate, and later on how to implement it into the Apache configuration. At first, we're gonna check if you already have a secure connection. You can see that in your browser with this little icon.
[0:00:40] And because of the red border here, you can see the page currently is not secure. So, let's change that. The first thing now I'm gonna generate the private key and the certificate signing request. We should do that always on the server so that the private key stays safe there. The first thing now I'm gonna do is going to generate the private key.
[0:01:09] I'm going to use the "openssl genrsa -out:. I entered the key name and the number of bits. That's the first thing, And a second I'm going to need signing request. That's the file I'm gonna send out later to the department or the website who creates the key. Again, it's with the openSSL.
[0:01:44] This time, "req -new". I enter my private key and the name of the request file. Now this asks me some questions. The answers to these questions are normally supplied by your SSL department or the department who can generate the keys for you. This case I'm gonna use my data.
[0:02:22] The field of the common name here is the most important one because here you can enter which is your certificate name. Make sure that you have the full domain name, like stated here. Also, I want to give you the advice that if you request the certificate for exactly this name, www.monitoring.lan, would not work. So, you will basically need the exact name. So, that's done, basically is. And we now send out this request file to the department or website. After then you receive the certificate file, you can go on and implement it into Apache.
[0:03:20] In my example, I have the certificate. I got even the full chain for the certificate. And that's just the private key I generated before. The first step then is to copy it to the correct directory. First, the private.pem needs to go to /etc/ssl/private/. The certificate.pem goes to /etc/ssl/certs/.
[0:03:59] Also, I'm going to put the chain file into the same directory. That's the first step and the second part now is to change the path in Apache. For that, we go to /etc/apache2/. If you're using Red Hat, the folder would be /etc/httpd/. And there we need to gonna look for the read-allowed configuration file for the SSL. The part of this depends on your Linux distribution. In Ubuntu, like here, you can find it in sites-available.
[0:04:47] There you're going to find the default-ssl.conf. If you don't have this directory or this file, we need to gonna look for this part here where the host and the port 443, which is the port for the HTTPS. There you're gonna search for the part of the SSLCertificateFile, SSLCertificateKeyFile, and here, in this case, the SSLCertificateChainFile.
[0:05:26] What I'm gonna do now is just replace it with mine. We had a certificate.pem. Here we had the private.pem. And here, just need to remove the # here. We have the chain.pem.
[0:06:06] The next step is just to enable the site. For that, we have the a2ensite command,  where we enable default-ssl. And the second Step may be the SSL module is missing. For that, we just enabled a2emod ssl.
[0:06:28] And finally, we restart the Apache. After this reload, you should be able to query our page with https. And it looks fine now. The lock here is intact and has a secure connection. If you run in any problems, there is a little command you can use to get help. It's the apache2ctl configtest.
[0:07:09] So, for example, if Apache isn't starting, we just run this configtest. And this configtest is going to give you information, for example, if you entered the wrong directory for the certificates or something else is wrong, for example, the SSL certificate missing. I hope this gave you a little insight how to secure your Checkmk web interface. For even more information, we link to an article from our blog. 
[0:07:35] Thank you for watching. Don't forget to subscribe. See you next time.

Want to know more about Checkmk? Join us for our Introduction to Checkmk Webinar

Register now

More Checkmk Videos

Ep. 1: Installing Checkmk 2.0 and monitoring your first host
13:23 English
Ep. 1: Installing Checkmk 2.0 and monitoring your first host
In this video, Baris explains how to take get started with Checkmk and start monitoring your first host within a few minutes.
Ep. 2: The Checkmk 2.0 user interface
10:23 English
Ep. 2: The Checkmk 2.0 user interface
In this video, Baris take you through the new user interface in Checkmk 2.0. He explains the various components of the User interface such as the new navigation menus, the Sidebar, main dashboard, tactical overview, how to switch between the Checkmk interface themes and much more
Ep. 3: Using SNMP to monitor network devices in Checkmk 2.0
07:09 English
Ep. 3: Using SNMP to monitor network devices in Checkmk 2.0
In this episode, Baris explains how to monitor network devices with Checkmk. SNMP is a protocol that many switches, routers, printers, UPSs, hardware sensors and other devices have implemented with the purpose of being able to monitor them easily.
Ep. 4: Monitoring Windows in Checkmk
05:33 English
Ep. 4: Monitoring Windows in Checkmk
In this video of our Getting started with Checkmk series, Baris explains how to install a Checkmk agent on a Windows host system and add that into your monitoring environment.
Ep. 5: Using metrics and graphs in Checkmk 2.0
05:21 English
Ep. 5: Using metrics and graphs in Checkmk 2.0
In the 5th episode of the Getting started with Checkmk series, Baris explains using various metrics that you can monitor in Checkmk such as CPU utilization, CPU load etc. You can also see graph visualizations for these metrics or create and customize your own as per your requirements.
Ep. 6: Updating Checkmk 2.0 and using multiple instances
08:30 English
Ep. 6: Updating Checkmk 2.0 and using multiple instances
In this video, Baris explains how to update your Checkmk instance. It is very easy and can be done within minutes. You can run multiple Checkmk instances with different versions on the same system. This gives you the flexibility to test the new version before using it in production.
Ep. 7 (part 1): Working with rules and setting thresholds in Checkmk
18:34 English
Ep. 7 (part 1): Working with rules and setting thresholds in Checkmk
In the following three-part videos series, Baris explains rule-based monitoring with Checkmk. In the first part, he shows you how you can work with rules and set threshold values. Rule-based configuration is one of the key features for Checkmk which helps you to scale your monitoring easily within minutes.
Ep. 7 (part 2): Smart rules with Host Tags in Checkmk
16:41 English
Ep. 7 (part 2): Smart rules with Host Tags in Checkmk
In the second part of this video, Baris explains using Smart rules with host tags in Checkmk. In the first part, he shows you how you can work with rules and set threshold values. These are features that you can use to build your rules even more intelligently and to better organize your monitoring.
Ep. 7 (part 3): Managing Hosts in Folder in Checkmk
11:42 English
Ep. 7 (part 3): Managing Hosts in Folder in Checkmk
In this final part of our episode on Rule-based monitoring in Checkmk, Baris demonstrates how to manage hosts in folders in Checkmk. This helps you to apply your monitoring configurations at scale and organize your hosts according to your needs.
Ep. 8: Working with Host and Service Groups in Checkmk
07:51 English
Ep. 8: Working with Host and Service Groups in Checkmk
In this Baris demonstrates how to create host and service groups in Checkmk, so you can perform actions on an entire group instead of configuring each of them individually.
Ep. 9: Using the Quicksearch function in Checkmk
06:02 English
Ep. 9: Using the Quicksearch function in Checkmk
In this episode of the Checkmk tutorials, Baris shows how you can use the Quicksearch function in Checkmk. You can use it to easily find and manage certain hosts or services. He also explains some examples of filters to you. In Checkmk 2.0 you can use the same syntax in the Seach function found in the monitor menu to get identical results.
Ep. 10: Detecting configuration errors with the Analyze Configuration feature
04:24 English
Ep. 10: Detecting configuration errors with the Analyze Configuration feature
With the Analyze Configuration feature, you can check if there are any configuration errors in your installation. Checkmk controls a number of possible security risks or potential performance restrictions and indicates if there are any problems.
Ep. 11: View creation and customization in Checkmk
10:22 English
Ep. 11: View creation and customization in Checkmk
In this video, Baris demonstrates how to customize headers, columns, and more in Views in Checkmk for yourself or other users. He also explains how to create custom views and add desired information to these views.
Ep. 12: Acknowledging problems in Checkmk
08:39 English
Ep. 12: Acknowledging problems in Checkmk
In this video, Baris explains how you can acknowledge problems in Checkmk. This function helps you to qualify the states of hosts and services. This allows you to keep track of messages in the main dashboard and, for example, you can add comments to problems.
Ep. 13: Scheduling downtimes in Checkmk
10:06 English
Ep. 13: Scheduling downtimes in Checkmk
In the episode of our Getting started with Checkmk series, Baris explains how you can manage the maintenance times of your systems in Checkmk. Such scheduled downtimes prevent your monitoring from sending false alarms when a host or service goes to WARN or CRIT during maintenance work. You can also inform the users concerned about the maintenance via Checkmk.
Ep. 14: Distributed monitoring with Checkmk
17:27 English
Ep. 14: Distributed monitoring with Checkmk
In this video, Baris explains how you can connect several Checkmk instances to a monitoring system and then manage it.
Ep. 15: MKPs and Plugins in Checkmk
07:53 English
Ep. 15: MKPs and Plugins in Checkmk
In the 15th episode of our Getting started with Checkmk tutorial series, Baris explains what are Checkmk Extension Packages (MKPs) and how easy it is to integrate them into your Checkmk monitoring environment. MKPs are the preferred format when you make your own extensions as it makes it easy to share with other users or deploy in distributed environments.
Ep. 16: Working with 'Bulk Actions' in Checkmk
19:49 English
Ep. 16: Working with 'Bulk Actions' in Checkmk
In this episode of our Checkmk tutorials series, Baris explains how you can save a lot of time with bulk actions. With this feature you can perform various tasks such as deleting, renaming, service discovery etc. on a large number of hosts simultaneously.
Ep. 17: Working with network topologies in Checkmk
10:30 English
Ep. 17: Working with network topologies in Checkmk
In this video of our gettign startted with Checkmk series, Baris explains how to map network topologies in Checkmk. This feature is quite helpful to manage your network and prevent any unnecessary notifications from the devices in your network.
Ep. 18: Creating and customizing dashboards in Checkmk
11:38 English
Ep. 18: Creating and customizing dashboards in Checkmk
In this video of our Getting started with Checkmk series, Mathias explains how you can create and customize dashboards in Checkmk 2.0, so you can get insights into your monitoring according to your requirements. Find out more in this video.
Ep. 19: Monitoring websites and their certificates with Checkmk
15:43 English
Ep. 19: Monitoring websites and their certificates with Checkmk
In this episode, Bastian demonstrates how to monitor a website and its certificate with Checkmk. You can also monitor specific web pages with Checkmk by using the several options that will suit your use case. Learn more in this video.
Ep. 20: Configuring dashboard elements in Checkmk
9:14 English
Ep. 20: Configuring dashboard elements in Checkmk
Learn how to add data visualization elements of the various metrics into your Checkmk Dashboard. In this video, Mathias explains how you can configure these elements and create a dashboard as per your requirements.
Ep. 21: Setting up notifications in Checkmk
8:37 English
Ep. 21: Setting up notifications in Checkmk
Learn how to set up notifications in Checkmk and assign relevant contacts and contact groups to be notified for various events. Later in this video, our presenter Bastian also demonstrates how you can set up rule-based notifications according to different conditions for hosts and services.
Ep. 22: Monitoring logfiles with Checkmk
10:19 English
Ep. 22: Monitoring logfiles with Checkmk
Monitor your logfiles with Checkmk using its Logwatch plugin. It is very useful when you want to monitor your logfiles regardless of whether you are using a UNIX/Linux or a windows based system. Learn more in this video.
Ep. 24: 3 Rules for efficient network monitoring
10:59 English
Ep. 24: 3 Rules for efficient network monitoring
In this video, Bastian demonstrates 3 rules that will help you to efficiently monitor your network interfaces. With Checkmk 2.0, with just three rules, you can set up an efficient network monitoring that will not only monitor all of your network interfaces but also simultaneously provide a detailed overview of all of your ports.
Ep. 25: New UX and security improvements in Checkmk 2.1
9:01 English
Ep. 25: New UX and security improvements in Checkmk 2.1
Checkmk 2.1 come with many UX improvements such as pre-built dashboards for Linux and Windows, faster core performance and much more. Security features such as two-factor authentication etc. were also added in this new version. Watch this video to learn how to use these new features and enhancements in Checkmk.
Ep. 28: Working with InfluxDB integration in Checkmk
5:36 English
Ep. 28: Working with InfluxDB integration in Checkmk
Learn how to send data to InfluxDB from Checkmk. As InfluxDB introduced a new protocol to send data to it, a new connector was developed with Checkmk to talk natively with it. Learn more about it in this video.
Ep. 29: New agent architecture in Checkmk 2.1
11:00 English
Ep. 29: New agent architecture in Checkmk 2.1
With Checkmk 2.1, the agent architecture was modified to enable performance improvements and add new features such as TLS encryption, data compression, and the reversal of direction of communication from the agent. This will enable push mode and pull mode.
Ep. 30: Clustering the Checkmk appliance
9:17 English
Ep. 30: Clustering the Checkmk appliance
In this video, Robin demonstrates how you can cluster your Checkmk appliance to make it resilient against hardware failures. If you are using the Checkmk hardware appliance, it may be helpful to cluster your appliance to maintain high availability.
Ep. 32: Working with the Agent bakery in Checkmk
13:40 English
Ep. 32: Working with the Agent bakery in Checkmk
In this video, Robin demonstrates how to roll out agent packages with the required configuration for different monitored systems using the agent bakery in Checkmk. The "Automatic agent update" is quite a helpful feature as it pulls the latest configurations for an agent automatically and you don't need to manually update all of your agents deployed on different systems.
Ep 33: Monitoring Docker containers with Checkmk
9:20 English
Ep 33: Monitoring Docker containers with Checkmk
Learn how to monitor Docker containers with Checkmk.In this video, Robin demonstrates the process of setting up a rule to configure the docker plugin and bake an agent with the desired settings for the Docker host.
Ep 34: Introduction to Checkmk Ansible collection
5:06 English
Ep 34: Introduction to Checkmk Ansible collection
Last year the Checkmk Ansible collection was created to interact with the Checkmk REST API. In this video, Robin demonstrates how you can use this Ansible collection to automate your monitoring with Checkmk.
Ep 35: Monitoring SQL databases with Checkmk
5:18 English
Ep 35: Monitoring SQL databases with Checkmk
In this video, Robin demonstrates how you can configure your Checkmk site to monitor your SQL databases. As there are many flavours of SQL databases, the process is mostly the same.
Ep. 36: Introduction to different types of checks for monitoring with Checkmk
11:22 English
Ep. 36: Introduction to different types of checks for monitoring with Checkmk
Learn about the different types of "checks" and services in Checkmk. In this video, Robin demonstrates how you can expand the information collected by your Checkmk agent using these different "Checks".
Ep. 43: Working with Hardware/Software inventory in Checkmk
7:12 English
Ep. 43: Working with Hardware/Software inventory in Checkmk
In this video, Robin demonstrates the hardware/software inventory feature in Checkmk. With this feature one can get an overview of various pieces of hardware present in their servers, switches etc. and also the software packages installed on their operating system. Watch this video to learn more.
Ep. 48: Monitoring file servers with Checkmk
12:11 English
Ep. 48: Monitoring file servers with Checkmk
Monitoring file servers is essential for ensuring best experience for people working remotely. In this video, Bastian demonstrates various configuration options in the file system check one can use to monitor their file server efficiently.
See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing
Checkmk Conference #10

Join us for the highlight of the year when the Checkmk Community gets together in Munich from June 11-13.

Register now