One question we get asked quite often is “How do I enable HTTPS in Check_MK?”.
SSL has become a ubiquitous technology for securing web traffic and nearly everything is now served over HTTPS. So why not Check_MK!
Check_MK Appliance
If you are operating a Check_MK appliance, you have the ability to configure SSL via the management web interface. Instructions can be found here: http://mathias-kettner.com/cms_cma_ssl.html
Other Operating Systems
Modern Check_MK distributions already include configuration to facilitate HTTPS connections.
The last step required is to install the Apache “mod_ssl” extension.
Most Linux distributions will have the Apache extension available in their package repository.
For this example, we will be using CentOS 7.
1) Install the mod_ssl package
yum install mod_ssl
2) Verify that the extension has been loaded
apachectl -M | grep ssl_module
Configuring Certificates
To use custom SSL certificates, we will modify two directives in the system’s Apache configuration to point to the new certificates.
Open /etc/httpd/conf.d/ssl.conf with your favourite editor and find these two lines:
1) SSLCertificateFile /etc/pki/tls/certs/localhost.crt
Modify this path to point to your SSL certificate file.
2) SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Modify this path to point to your SSL private key.
Once these paths have been updated, save the file and restart the Apache service.
You should now be able to access Check_MK via HTTPS.
Force redirect from HTTP to HTTPS
If you wish to configure an automatic redirect to the SSL site, we must add a few extra configuration directives.
We can simply append the following to /etc/httpd/conf.d/welcome.conf
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]Once Apache is restarted, all HTTP requests will be redirected to HTTPS.