Hey,
we have some certificates that we want to monitor just to see “that they are there”. They have expired a long time ago. Sadly I can’t disable the alert for the age. Negative numbers are not allowed. Maybe a check box “ignore outdated certificates” or something like that would be nice for us.
Josef
Why do you even use the check in certificate mode then? If you are only interested in the fact that there is a certificate, just check, if you can reach the endpoint through TLS. That already tells you, if there is a certificate.
We only consume the upstream check_http from the monitoring plugins, so feature would be needed there first.
Maybe there is also another plugin you could use for this use case, or write something yourself?
I don’t understand why in WATO it should not be possible to say “0=ok” for the check.
For us, we would like to see all certificates with name and date. So we can add that point/check in a BI-Aggregation and a risk matrix and accept that risk with an corresponding comment.
So we know (and external inspectors) that there is a certificate with the name “XY” and the expire date “YZ” but we accept that risk because of a reason (for example “old software - not able to change”).
Josef
If you just want to have the service in state OK even if it is naively CRIT, you can use the rule “service state translation” to modify the result of the service.
That will do it 
great thanks
josef