[Check_mk (english)] HTTP check - How to configure https client certificate

Michael_von_Hunerbei · June 13, 2017, 7:03am

Hello All,

we need to check availability of our
web application externally using a client certificate., however cannot
figure out how to get that configured.

We are using CMK 1.2.8 Enterprise Edition.

Does somebody know how to set up the
HTTP check using a client certificate?

Thanks in advance an regards

Mit freundlichen Grüßen

Michael von Hünerbein

···

PAYMENT-iT

Gesellschaft für Zahlungssysteme und
Kartenprocessing mbH

Schleißheimer Straße 141, 80797 München,
Germany

Tel.: +49 89 54 59 32-0

Fax: +49 89 54 59 32-99

Handelsregister: München HRB 178824

USt-IdNr: DE 181905203

Geschäftsführung: Horst-Dieter Koch,
Thomas Rafalski

www.payment-it.com

Evy_Bongers2 · June 13, 2017, 9:56am

Hi Michael,

The check plugin does support this.

   OMD[test]:~$ lib/nagios/plugins/check_http --help
   check_http v2.2 (monitoring-plugins 2.2)
   Copyright (c) 1999-2013 Monitoring Plugins Development Team
       <devel@monitoring-plugins.org>

   This plugin tests the HTTP service on the specified host. It can test
   normal (http) and secure (https) servers, follow redirects, search for
   strings and regular expressions, check connection times, and report on
   certificate expiration times.

[...]

    -J, --client-cert=FILE
      Name of file that contains the client certificate (PEM format)
      to be used in establishing the SSL session
    -K, --private-key=FILE
      Name of file containing the private key (PEM format)
      matching the client certificate

Unfortunately, WATO does not provide a way to configure this.

You could configure your HTTP check through 'Hosts & Service parameters' > 'Active checks (HTTP, TCP, etc.)' > 'Classical active and passive Monitoring checks' and then provide the necessary parameters by hand.

You will need to upload the certificates to the server in order for this to work.

Regards,

Evy

···

On 2017-06-13 09:03, Michael von Hünerbein wrote:

Hello All,

we need to check availability of our web application externally using a client certificate., however cannot figure out how to get that configured.
We are using CMK 1.2.8 Enterprise Edition.

Does somebody know how to set up the HTTP check using a client certificate?

Thanks in advance an regards

Mit freundlichen Grüßen

Michael von Hünerbein
___________________________________________________________________

PAYMENT-iT
Gesellschaft für Zahlungssysteme und Kartenprocessing mbH
Schleißheimer Straße 141, 80797 München, Germany
Tel.: +49 89 54 59 32-0
Fax: +49 89 54 59 32-99
Handelsregister: München HRB 178824
USt-IdNr: DE 181905203
Geschäftsführung: Horst-Dieter Koch, Thomas Rafalski
www.payment-it.com
___________________________________________________________________
_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

Michael_von_Hunerbei · June 13, 2017, 10:15am

Thanks Evy,

that meets my expectation with regards
to WATO is not able to get these parameters configured, although they are
supported by the native check.

I’ve already configured the active HTTPS
check and will try to extend the configuration by the missing parameters
manually as suggested.

Thanks a lot for your help and my best
regards to the Netherlands.

@CMK team: I would really appreciate
if you could extend WATO accordingly.

Mit freundlichen Grüßen

Michael von Hünerbein

···

PAYMENT-iT

Gesellschaft für Zahlungssysteme und
Kartenprocessing mbH

Schleißheimer Straße 141, 80797 München,
Germany

Tel.: +49 89 54 59 32-0

Fax: +49 89 54 59 32-99

Handelsregister: München HRB 178824

USt-IdNr: DE 181905203

Geschäftsführung: Horst-Dieter Koch,
Thomas Rafalski

www.payment-it.com

Von:
Evy
Bongers lists+check-mk@evybongers.nl
An:
Michael
von Hünerbein Michael.vonHuenerbein@payment-it.com,
Kopie:
checkmk-en@lists.mathias-kettner.de
Datum:
13.06.2017
11:56
Betreff:
Re:
[Check_mk (english)] HTTP check - How to configure https client certificate

`Hi Michael,

The check plugin does support this.

OMD[test]:~$ lib/nagios/plugins/check_http --help

check_http v2.2 (monitoring-plugins 2.2)

   <devel@monitoring-plugins.org>

This plugin tests the HTTP service on the specified host. It can
test

normal (http) and secure (https) servers, follow redirects, search
for

strings and regular expressions, check connection times, and report
on

certificate expiration times.

[…]

-J, --client-cert=FILE

  Name of file that contains the client certificate

(PEM format)

  to be used in establishing the SSL session

-K, --private-key=FILE

  Name of file containing the private key (PEM format)

  matching the client certificate

Unfortunately, WATO does not provide a way to configure this.

You could configure your HTTP check through ‘Hosts & Service parameters’

‘Active checks (HTTP, TCP, etc.)’ > ‘Classical active and passive
Monitoring checks’ and then provide the necessary parameters by hand.

You will need to upload the certificates to the server in order for this

to work.

Regards,

Evy

On 2017-06-13 09:03, Michael von Hünerbein wrote:

Hello All,

we need to check availability of our web application externally using
a

client certificate., however cannot figure out how to get that

configured.

We are using CMK 1.2.8 Enterprise Edition.

Does somebody know how to set up the HTTP check using a client

certificate?

Thanks in advance an regards

Mit freundlichen Grüßen

Michael von Hünerbein

PAYMENT-iT

Gesellschaft für Zahlungssysteme und Kartenprocessing mbH

Schleißheimer Straße 141, 80797 München, Germany

Tel.: +49 89 54 59 32-0

Fax: +49 89 54 59 32-99

Handelsregister: München HRB 178824

USt-IdNr: DE 181905203

Geschäftsführung: Horst-Dieter Koch, Thomas Rafalski

[www.payment-it.com](www.payment-it.com)

checkmk-en mailing list

checkmk-en@lists.mathias-kettner.de

[http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en`](http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en)`

`