Check_MK over SSL

One question we get asked quite often is "How do I enable HTTPS in Check_MK?".

SSL has become a ubiquitous technology for securing web traffic and nearly everything is now served over HTTPS. So why not Check_MK!

 

Check_MK Appliance

If you are operating a Check_MK appliance, you have the ability to configure SSL via the management web interface. Instructions can be found here: http://mathias-kettner.com/cms_cma_ssl.html

 

Other Operating Systems

Modern Check_MK distributions already include configuration to facilitate HTTPS connections.
The last step required is to install the Apache "mod_ssl" extension. 

Most Linux distributions will have the Apache extension available in their package repository.
For this example, we will be using CentOS 7. 

 

1) Install the mod_ssl package

yum install mod_ssl 

 

2) Verify that the extension has been loaded

apachectl -M | grep ssl_module

 

 

Configuring Certificates

To use custom SSL certificates, we will modify two directives in the system's Apache configuration to point to the new certificates. 


Open /etc/httpd/conf.d/ssl.conf with your favourite editor and find these two lines:


1) SSLCertificateFile /etc/pki/tls/certs/localhost.crt

Modify this path to point to your SSL certificate file. 

 

2) SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Modify this path to point to your SSL private key. 

 

Once these paths have been updated, save the file and restart the Apache service. 

You should now be able to access Check_MK via HTTPS.

 

 

Force redirect from HTTP to HTTPS

If you wish to configure an automatic redirect to the SSL site, we must add a few extra configuration directives. 


We can simply append the following to /etc/httpd/conf.d/welcome.conf 

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

 

Once Apache is restarted, all HTTP requests will be redirected to HTTPS.  

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.