Werk #3081: mk_jolokia: plugin now supports setting custom CAs for verifying server certificate as well as sending a client certificate
Component | Checks & agents |
Title | mk_jolokia: plugin now supports setting custom CAs for verifying server certificate as well as sending a client certificate |
Date | Feb 22, 2016 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0i1 |
Level | Trivial Change |
Class | New Feature |
Compatibility | Compatible - no manual interaction needed |
The CA can be set through the new configuration parameter "cert_path". This can also be set to None, in which case the server certificate is not verified. If cert_path is not set, the behaviour is identical to the old behaviour which is dependent on the python version. Old python versions (not sure exactly, probably up to at least 2.5) ignored server certificates, later versions checked against system-wide trusted CAs.
To send a client certificate, set "client_cert" and "client_key". The key can't be password protected.
"mode" also supports a new option called "https". If this is set, the client certificate parameters need to be set and no further authentication should be expected by the server.