Werk #13899: Notification spooler: Support for TLS authentication

Component

Notifications

Title

Notification spooler: Support for TLS authentication

Date

Apr 14, 2022

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.2.0b1	Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0b9	Checkmk Enterprise (CEE), Checkmk MSP (CME)

Previously mknotifyd did not authenticate peers. With this Werk mknotifyd can be configured to require TLS client certificate authentication. This is only available if encryption for mknotifyd is configured. In order to verify the peers correctly the corresponding site CAs must be trusted. This is usually the case if you enabled the configuration sync and enabled the encryption of livestatus. If you have another setup make sure both all Site CAs are trusted on each site.

To the list of all Werks