Download

Werk #16225: Ignore certificates with negative serial numbers

Component Setup
Title Ignore certificates with negative serial numbers
Date Nov 24, 2023
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.3.0b1
Level Trivial Change
Class Bug Fix
Compatibility Incompatible - Manual interaction might be required

X509 certificates contain a serial number which is used for various purposes.

Since RFC5280 (May 2008) certificates must be a positive integer. There used to be certificates with negative serial numbers which were accepted. Our underlying libraries start to deprecate the support for these certificates, therefore Checkmk now deems them invalid.

Please note that these certificates are very uncommon. If Checkmk encounters such a certificate it will log it to var/log/web.log.

To the list of all Werks

See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing
Checkmk Conference #10

Join us for the highlight of the year when the Checkmk Community gets together in Munich from June 11-13.

Register now