check_cert: Clarify "Allow self-signed certificates" option

rseltmann · rseltmann · commit 1e9fa2e272b7 · 2025-03-26T17:37:48.000+01:00
check_cert has the option to allow self-signed certificates. This will currently only ignore the OpenSSL error `18: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` during verification.
Any other OpenSSL errors related to the certificate, e.g. `19: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` will still trigger an alert.

SUP-22489

Change-Id: Ia8304227e9cdedb611e02162e8959569e4079aae
diff --git a/cmk/plugins/collection/rulesets/cert.py b/cmk/plugins/collection/rulesets/cert.py
@@ -73,8 +73,9 @@ def _valuespec_validity() -> Dictionary:
             "self_signed": DictElement[bool](
                 parameter_form=BooleanChoice(
                     help_text=Help(
-                        "The service will not warn if self-signed certificates are used "
-                        "if this option is checked."
+                        "Checking this option allows self-signed certificates by ignoring OpenSSL "
+                        "error 18 (self signed certificate), and the service will not warn when "
+                        "this error is returned. Other errors will still trigger an alert."
                     ),
                     label=Label("Allow self-signed certificates"),
                 ),
