Werk #13899: Notification spooler: Support for TLS authentication
Component | Notifications |
Title | Notification spooler: Support for TLS authentication |
Date | Apr 14, 2022 |
Checkmk Edition | Checkmk Enterprise (CEE) |
Checkmk Version | 2.2.0b1 2.1.0b9 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
Previously mknotifyd did not authenticate peers. With this Werk mknotifyd can be configured to require TLS client certificate authentication. This is only available if encryption for mknotifyd is configured. In order to verify the peers correctly the corresponding site CAs must be trusted. This is usually the case if you enabled the configuration sync and enabled the encryption of livestatus. If you have another setup make sure both all Site CAs are trusted on each site.