My scenario: I have multiple hosts where the applicaiton server requires client certificate authentication, even for the monitoring endpoints. In this case, a SpringBoot - Application in a Wildfly. The endpoint is the Spring Boot health actuator, same port and “interface” as the application itself)…
Am I to duplicate the check_http - Plugin in /usr/lib/check_mk_agent/pluginsfor each endpoint and hardwire the client certificate into the cloned plugin?
thanks for the reply. I have understood how to monitor certificates and certificate expiry on the server side. Either I did not find my question answered in the article or it has not been answered there. My use case is mutual authentication via client certificate (explained here, for instance: What Is Client Certificate Authentication?).
So I would have to make sure checkmk-server has the client certificate files in some kind of keystore. And I would have to define the alias of the client certificate to be used for each of the endpoints to be called in my monitoring plugin, i.e. check_http…