Werk #13899: Notification spooler: Support for TLS authentication

Component Notifications
Title Notification spooler: Support for TLS authentication
Date Apr 14, 2022
Checkmk Editon Checkmk Enterprise (CEE)
Checkmk Version 2.2.0i1 2.1.0b9
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed

Previously mknotifyd did not authenticate peers. With this Werk mknotifyd can be configured to require TLS client certificate authentication. This is only available if encryption for mknotifyd is configured. In order to verify the peers correctly the corresponding site CAs must be trusted. This is usually the case if you enabled the configuration sync and enabled the encryption of livestatus. If you have another setup make sure both all Site CAs are trusted on each site.

To the list of all Werks