[BUG] SSL certificate check not working as expected

Hello,

We are using a wildcard domain verification certificate on multiple servers within our organization. Recently we renewed our cert.
Today I realised I had forgotten to setup the certification verification rule for one server, where I yet not installed the renewed certificate on. After enabling the rule for this host, I was very surprised to find that Checkmk reported the expired certificate as being OK, including the expire date of our new certificate, which not has been installed on the particular server yet.
So, for me it looks like this rule does not actually check the cert on every server. Instead, it knows about the valid wildcard cert and, based on that it incorrectly concludes that all servers within the domain must be OK.

Hi Nico,

I don’t think there is a bug here. I think maybe your webserver presents a certificate even if you just address it via https://$HOSTADDRESS$/ where your old certificate still remains, but you may have a single vhost configuration which presents the new certificate at https://$HOSTNAME$.domain.tld/ and you might have to adjust your check to accommodate this.

Have a look at your webserver configuration and your rule(s), and if in doubt, show them to us here.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.