On 11.10.19 11:10, stephen.wea...@bluesky.co.uk wrote:
> Hi All
> I have a customer with their own on site servers that we monitor for them,
> unfortunately one of the servers is Windows 2003 with IIS6, it is running
> very old custom CMS, my problem is the SSL on the CMS is TLS v1
> and the SSL certificate expiry check in Check_MK does seem to work
> over TLS v1.
> Anyone know if TLS v1 can be enabled for the SSL Certificate Check in
> Check_MK version 1.5.0p19?

This is often an issue with the underlying Linux distribution disabling
older TLS versions by default. E.g. Debian 10 does it in

ssl_conf = ssl_sect

system_default = system_default_sect

MinProtocol = TLSv1.2

You can create a customized copy of openssl.cnf in $OMD_ROOT/etc and
remove these lines.

Add this line to $OMD_ROOT/etc/environment:


and restart your site.

After that the OpenSSL libraries should connect again to older TLS servers.

Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin


Tel: 030 / 405051-43
Fax: 030 / 405051-19

Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin

Attachment: signature.asc
Description: OpenPGP digital signature

checkmk-en mailing list
Manage your subscription or unsubscribe

Reply via email to