Page Comparison

...

There is some further reading on certificate chains, which we want to share in advance and encourage you to read and understand:

• https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
• https://success.qualys.com/discussions/s/article/000005824
• https://success.qualys.com/discussions/s/article/000003198
  
  

Simply put, you only need a few things to work properly:

• Your client (monitored system) will need to trust the root certificate of your CA (The internet is full of guides on how to achieve that for several operating systems).
• Your web server has to serve the certificate chain (without the root certificate) in addition to the server certificate.

...

• Private Key file
• Server Certificate file
• CA Intermediate Certificate file(s)
• CA Root Certificate file (not necessary for this guide)
  
  

For the first two, if you do not have or know how to get them, ask your PKI administrator or the person responsible for certificates in your organization. They should actually be able to provide you with all the files necessary.
If you have the former two files already and don't want to bother your certificate person, you can extract the CA files from your web browser.

...

 Navigate to your Checkmk web interface

• Firefox
  
  

  1. Click on the little lock icon
     

     .

  2. Then click on Connection secure and More information.
     

     .

  3. Now you see the Page Info, where you click on View Certificate.
     .

  4. This brings you to a page where you can inspect and download all certificates involved.
     

     .

• Chrome(ium)
  
  

  1. Click on the little lock icon
     

     .

  2. Then click on Connection is secure and Certificate is valid.
     

     .

  3. This brings you to a page where you can inspect and download all certificates involved.
     

     
     

...