Notification Spooler Configuration

Hi !

When I configure the notif spool on a remote site I can enable authentication
But what authentication is used ?
If I enable the inline help the auth is done using the certificate, but when I select this option it fails
Although my site is connected and the ssl uses trusted certs

Hi @philippe

here is the Werk for this feature with a bit more context.

Previously mknotifyd did not authenticate peers. With this Werk mknotifyd can be configured to require TLS client certificate authentication. This is only available if encryption for mknotifyd is configured. In order to verify the peers correctly the corresponding site CAs must be trusted. This is usually the case if you enabled the configuration sync and enabled the encryption of livestatus. If you have another setup make sure both all Site CAs are trusted on each site.


our setup meets both conditions but doens’t work


and configs are pushed from central to satelite

Hi @philippe,

please provide some logs to get better help.


2023-09-15 11:29:22,294 [20] [cmk.mknotifyd.outgoing(] Establishing upgradable connection
2023-09-15 11:29:22,295 [40] [cmk.mknotifyd.outgoing(] Error: cannot create TCP channel:
Traceback (most recent call last):
  File "/omd/sites/master/lib/python3/cmk/cee/mknotifyd/", line 564, in connect_outgoing
  File "/omd/sites/master/lib/python3/cmk/cee/mknotifyd/", line 597, in _establish_outgoing_connection
    self.socket.connect(str(self._paths.tmp_dir / f"{ipaddress}:{port}"))
FileNotFoundError: [Errno 2] No such file or directory


2023-09-15 11:31:50,948 [20] [cmk.mknotifyd.outgoing(] Establishing upgradable connection
2023-09-15 11:31:50,995 [20] [cmk.mknotifyd.outgoing(] Falling back to unencrypted connection
2023-09-15 11:31:50,995 [20] [cmk.mknotifyd.outgoing(] Connection in progress
2023-09-15 11:31:50,996 [20] [cmk.mknotifyd.outgoing(] Successfully connected
2023-09-15 11:31:51,011 [30] [cmk.mknotifyd.outgoing(] Remote site closed connection.