[{"data":1,"prerenderedAt":693},["ShallowReactive",2],{"docs-navigation":3,"doc-\u002Fmonitoring\u002Fcertificates":312},[4,22,92,129,142,155,188,217,250,279,291],{"title":5,"path":6,"stem":7,"children":8,"page":21},"Erste Schritte","\u002Fgetting-started","01.getting-started",[9,13,17],{"title":10,"path":11,"stem":12},"Was ist LIVCK Cloud?","\u002Fgetting-started\u002Fwhat-is-livck","01.getting-started\u002F01.what-is-livck",{"title":14,"path":15,"stem":16},"Schnellstart","\u002Fgetting-started\u002Fquickstart","01.getting-started\u002F02.quickstart",{"title":18,"path":19,"stem":20},"Das Dashboard","\u002Fgetting-started\u002Fdashboard","01.getting-started\u002F03.dashboard",false,{"title":23,"path":24,"stem":25,"children":26,"page":21},"Monitoring","\u002Fmonitoring","02.monitoring",[27,31,64,68,72,76,80,84,88],{"title":28,"path":29,"stem":30},"Services verwalten","\u002Fmonitoring\u002Fservices","02.monitoring\u002F01.services",{"title":32,"path":33,"stem":34,"children":35,"page":21},"Check-Typen","\u002Fmonitoring\u002Fchecks","02.monitoring\u002F02.checks",[36,40,44,48,52,56,60],{"title":37,"path":38,"stem":39},"HTTP\u002FHTTPS-Checks","\u002Fmonitoring\u002Fchecks\u002Fhttp","02.monitoring\u002F02.checks\u002F01.http",{"title":41,"path":42,"stem":43},"TCP-Port-Checks","\u002Fmonitoring\u002Fchecks\u002Ftcp","02.monitoring\u002F02.checks\u002F02.tcp",{"title":45,"path":46,"stem":47},"DNS-Checks","\u002Fmonitoring\u002Fchecks\u002Fdns","02.monitoring\u002F02.checks\u002F03.dns",{"title":49,"path":50,"stem":51},"Ping-Checks (ICMP)","\u002Fmonitoring\u002Fchecks\u002Ficmp","02.monitoring\u002F02.checks\u002F04.icmp",{"title":53,"path":54,"stem":55},"SSL-Zertifikat-Checks","\u002Fmonitoring\u002Fchecks\u002Fssl","02.monitoring\u002F02.checks\u002F05.ssl",{"title":57,"path":58,"stem":59},"Heartbeat-Checks (Push-Monitoring)","\u002Fmonitoring\u002Fchecks\u002Fheartbeat","02.monitoring\u002F02.checks\u002F06.heartbeat",{"title":61,"path":62,"stem":63},"Manuelle Services","\u002Fmonitoring\u002Fchecks\u002Fmanual","02.monitoring\u002F02.checks\u002F07.manual",{"title":65,"path":66,"stem":67},"Check-Einstellungen","\u002Fmonitoring\u002Fcheck-settings","02.monitoring\u002F03.check-settings",{"title":69,"path":70,"stem":71},"Bedingungen","\u002Fmonitoring\u002Fconditions","02.monitoring\u002F04.conditions",{"title":73,"path":74,"stem":75},"Monitoring-Standorte","\u002Fmonitoring\u002Flocations","02.monitoring\u002F05.locations",{"title":77,"path":78,"stem":79},"Service-Detailseite","\u002Fmonitoring\u002Fservice-detail","02.monitoring\u002F06.service-detail",{"title":81,"path":82,"stem":83},"Artifacts","\u002Fmonitoring\u002Fartifacts","02.monitoring\u002F07.artifacts",{"title":85,"path":86,"stem":87},"Status überschreiben","\u002Fmonitoring\u002Fstatus-override","02.monitoring\u002F08.status-override",{"title":89,"path":90,"stem":91},"Eigene Zertifikate (mTLS & private CAs)","\u002Fmonitoring\u002Fcertificates","02.monitoring\u002F09.certificates",{"title":93,"path":94,"stem":95,"children":96,"page":21},"Incidents","\u002Fincidents","03.incidents",[97,101,105,109,113,117,121,125],{"title":98,"path":99,"stem":100},"Incidents verstehen","\u002Fincidents\u002Foverview","03.incidents\u002F01.overview",{"title":102,"path":103,"stem":104},"Incident erstellen","\u002Fincidents\u002Fcreate-incident","03.incidents\u002F02.create-incident",{"title":106,"path":107,"stem":108},"Incident verwalten","\u002Fincidents\u002Fmanage-incident","03.incidents\u002F03.manage-incident",{"title":110,"path":111,"stem":112},"Automatische Erkennung","\u002Fincidents\u002Fauto-detection","03.incidents\u002F04.auto-detection",{"title":114,"path":115,"stem":116},"Interne Kommentare","\u002Fincidents\u002Fincident-comments","03.incidents\u002F05.incident-comments",{"title":118,"path":119,"stem":120},"Postmortems","\u002Fincidents\u002Fpostmortems","03.incidents\u002F06.postmortems",{"title":122,"path":123,"stem":124},"Incident-Richtlinien","\u002Fincidents\u002Fincident-policies","03.incidents\u002F07.incident-policies",{"title":126,"path":127,"stem":128},"Incident-Vorlagen","\u002Fincidents\u002Fincident-templates","03.incidents\u002F08.incident-templates",{"title":130,"path":131,"stem":132,"children":133,"page":21},"Eskalation","\u002Fescalation","04.escalation",[134,138],{"title":135,"path":136,"stem":137},"Eskalationsrichtlinien","\u002Fescalation\u002Fpolicies","04.escalation\u002F01.policies",{"title":139,"path":140,"stem":141},"Eskalation während eines Incidents","\u002Fescalation\u002Fduring-incident","04.escalation\u002F02.during-incident",{"title":143,"path":144,"stem":145,"children":146,"page":21},"Wartungen","\u002Fmaintenance","05.maintenance",[147,151],{"title":148,"path":149,"stem":150},"Wartungen planen","\u002Fmaintenance\u002Foverview","05.maintenance\u002F01.overview",{"title":152,"path":153,"stem":154},"Wartungs-Benachrichtigungen","\u002Fmaintenance\u002Fnotifications","05.maintenance\u002F02.notifications",{"title":156,"path":157,"stem":158,"children":159,"page":21},"Statuspages","\u002Fstatuspages","06.statuspages",[160,164,168,172,176,180,184],{"title":161,"path":162,"stem":163},"Statuspages verstehen","\u002Fstatuspages\u002Foverview","06.statuspages\u002F01.overview",{"title":165,"path":166,"stem":167},"Statuspage erstellen","\u002Fstatuspages\u002Fcreate-statuspage","06.statuspages\u002F02.create-statuspage",{"title":169,"path":170,"stem":171},"Zugriffskontrolle","\u002Fstatuspages\u002Faccess-control","06.statuspages\u002F03.access-control",{"title":173,"path":174,"stem":175},"Komponenten verwalten","\u002Fstatuspages\u002Fcomponents","06.statuspages\u002F04.components",{"title":177,"path":178,"stem":179},"Abonnenten (Subscriber)","\u002Fstatuspages\u002Fsubscribers","06.statuspages\u002F05.subscribers",{"title":181,"path":182,"stem":183},"Custom Domains","\u002Fstatuspages\u002Fcustom-domains","06.statuspages\u002F06.custom-domains",{"title":185,"path":186,"stem":187},"Öffentliche Ansicht","\u002Fstatuspages\u002Fpublic-view","06.statuspages\u002F07.public-view",{"title":189,"path":190,"stem":191,"children":192,"page":21},"Team & Organisation","\u002Fteam","07.team",[193,197,201,205,209,213],{"title":194,"path":195,"stem":196},"Organisationen","\u002Fteam\u002Forganizations","07.team\u002F01.organizations",{"title":198,"path":199,"stem":200},"Mitglieder verwalten","\u002Fteam\u002Fmembers","07.team\u002F02.members",{"title":202,"path":203,"stem":204},"Rollen & Berechtigungen","\u002Fteam\u002Froles","07.team\u002F03.roles",{"title":206,"path":207,"stem":208},"Teams","\u002Fteam\u002Fteams","07.team\u002F04.teams",{"title":210,"path":211,"stem":212},"Einladungen","\u002Fteam\u002Finvitations","07.team\u002F05.invitations",{"title":214,"path":215,"stem":216},"Enterprise SSO (Single Sign-On)","\u002Fteam\u002Fsso","07.team\u002F06.sso",{"title":218,"path":219,"stem":220,"children":221,"page":21},"Abrechnung","\u002Fbilling","08.billing",[222,226,230,234,238,242,246],{"title":223,"path":224,"stem":225},"Pläne & Preise","\u002Fbilling\u002Fplans","08.billing\u002F01.plans",{"title":227,"path":228,"stem":229},"Plan wechseln","\u002Fbilling\u002Fupgrade-downgrade","08.billing\u002F02.upgrade-downgrade",{"title":231,"path":232,"stem":233},"Zahlungsmethoden","\u002Fbilling\u002Fpayment","08.billing\u002F03.payment",{"title":235,"path":236,"stem":237},"Rechnungen","\u002Fbilling\u002Finvoices","08.billing\u002F04.invoices",{"title":239,"path":240,"stem":241},"SMS- & Voice-Guthaben","\u002Fbilling\u002Fsms-credits","08.billing\u002F05.sms-credits",{"title":243,"path":244,"stem":245},"Plan-Limits","\u002Fbilling\u002Flimits","08.billing\u002F06.limits",{"title":247,"path":248,"stem":249},"Add-Ons","\u002Fbilling\u002Fadd-ons","08.billing\u002F07.add-ons",{"title":251,"path":252,"stem":253,"children":254,"page":21},"Account & Sicherheit","\u002Faccount","09.account",[255,259,263,267,271,275],{"title":256,"path":257,"stem":258},"Profil bearbeiten","\u002Faccount\u002Fprofile","09.account\u002F01.profile",{"title":260,"path":261,"stem":262},"Passwort ändern","\u002Faccount\u002Fpassword","09.account\u002F02.password",{"title":264,"path":265,"stem":266},"Anmelden mit Google, GitHub & Discord","\u002Faccount\u002Fsocial-login","09.account\u002F03.social-login",{"title":268,"path":269,"stem":270},"Zwei-Faktor-Authentifizierung","\u002Faccount\u002Ftwo-factor","09.account\u002F04.two-factor",{"title":272,"path":273,"stem":274},"Account löschen","\u002Faccount\u002Fdelete-account","09.account\u002F05.delete-account",{"title":276,"path":277,"stem":278},"Erscheinungsbild","\u002Faccount\u002Fappearance","09.account\u002F06.appearance",{"title":280,"path":281,"stem":282,"children":283,"page":21},"Benachrichtigungen","\u002Fnotifications","10.notifications",[284,287],{"title":280,"path":285,"stem":286},"\u002Fnotifications\u002Foverview","10.notifications\u002F01.overview",{"title":288,"path":289,"stem":290},"Benachrichtigungskanäle","\u002Fnotifications\u002Fchannels","10.notifications\u002F02.channels",{"title":292,"path":293,"stem":294,"children":295,"page":21},"FAQ","\u002Ffaq","13.faq",[296,300,304,308],{"title":297,"path":298,"stem":299},"Allgemeine Fragen","\u002Ffaq\u002Fgeneral","13.faq\u002F01.general",{"title":301,"path":302,"stem":303},"Häufige Fragen zum Monitoring","\u002Ffaq\u002Fmonitoring-faq","13.faq\u002F02.monitoring-faq",{"title":305,"path":306,"stem":307},"Häufige Fragen zur Abrechnung","\u002Ffaq\u002Fbilling-faq","13.faq\u002F03.billing-faq",{"title":309,"path":310,"stem":311},"Fehlerbehebung","\u002Ffaq\u002Ftroubleshooting","13.faq\u002F04.troubleshooting",{"id":313,"title":89,"body":314,"description":687,"extension":688,"meta":689,"navigation":690,"path":90,"seo":691,"stem":91,"__hash__":692},"docs\u002F02.monitoring\u002F09.certificates.md",{"type":315,"value":316,"toc":674},"minimark",[317,321,334,498,502,517,530],[318,319,89],"h1",{"id":320},"eigene-zertifikate-mtls-private-cas",[322,323,324,325,329,330,333],"p",{},"Manche Endpunkte lassen sich nicht ohne Weiteres prüfen: Sie verlangen ein ",[326,327,328],"strong",{},"Client-Zertifikat"," (gegenseitige TLS-Authentifizierung, \"mTLS\") oder ihr Server-Zertifikat ist von einer ",[326,331,332],{},"eigenen, internen CA"," ausgestellt statt von einem öffentlichen Anbieter. Für diese Fälle hinterlegst du eigene Zertifikate und weist sie deinen HTTP- und SSL-Checks zu.",[335,336,340,345,366,374,378,435,439,450],"screenshot",{"alt":337,"caption":338,"src":339},"Die Zertifikate-Übersicht in den Einstellungen mit Name, Typ, Subject, Ablauf und Verwendung","Die Zertifikate-Übersicht (Einstellungen → Zertifikate): hinterlegte Client-Zertifikate und CA-Bundles mit Typ, Restlaufzeit und Anzahl nutzender Services.","\u002Fimages\u002Fscreenshots\u002Fcertificates-list.png",[341,342,344],"h2",{"id":343},"wann-brauchst-du-das","Wann brauchst du das?",[346,347,348,355],"ul",{},[349,350,351,354],"li",{},[326,352,353],{},"Der Server verlangt ein Client-Zertifikat (mTLS)"," -- z.B. interne APIs, Partner-Schnittstellen oder Admin-Endpunkte, die nur authentifizierte Clients durchlassen. Ohne passendes Client-Zertifikat bricht der Handshake ab und der Check ist Offline.",[349,356,357,360,361,365],{},[326,358,359],{},"Der Server nutzt eine private\u002Finterne CA"," -- das Zertifikat ist nicht von Let's Encrypt, DigiCert o.ä. signiert. Bei aktiver ",[362,363,364],"a",{"href":38},"SSL-Verifizierung"," würde der Check sonst scheitern, weil die Kette nicht öffentlich vertrauenswürdig ist.",[367,368,371],"callout",{"title":369,"type":370},"Brauchst du das nicht, lass es weg","info",[322,372,373],{},"Für normale, öffentlich erreichbare Websites mit Let's Encrypt o.ä. ist hier nichts zu tun. Eigene Zertifikate sind nur für mTLS-geschützte oder intern-signierte Endpunkte gedacht.",[341,375,377],{"id":376},"zwei-arten","Zwei Arten",[379,380,381,397],"table",{},[382,383,384],"thead",{},[385,386,387,391,394],"tr",{},[388,389,390],"th",{},"Art",[388,392,393],{},"Inhalt",[388,395,396],{},"Wofür",[398,399,400,418],"tbody",{},[385,401,402,408,411],{},[403,404,405],"td",{},[326,406,407],{},"Client-Zertifikat (mTLS)",[403,409,410],{},"Zertifikat + privater Schlüssel (optional Chain)",[403,412,413,414,417],{},"Wird beim Verbindungsaufbau ",[326,415,416],{},"vorgezeigt",", um sich beim Server zu authentifizieren.",[385,419,420,425,428],{},[403,421,422],{},[326,423,424],{},"CA-Bundle",[403,426,427],{},"Ein oder mehrere CA-Zertifikate (kein Schlüssel)",[403,429,430,431,434],{},"Eine CA, der LIVCK beim Prüfen des ",[326,432,433],{},"Server-Zertifikats"," vertrauen soll (private\u002Finterne CA).",[341,436,438],{"id":437},"zertifikat-hochladen","Zertifikat hochladen",[322,440,441,442,445,446,449],{},"Unter ",[326,443,444],{},"Einstellungen → Zertifikate"," → ",[326,447,448],{},"Zertifikat hinzufügen",". Du kannst die Inhalte einfügen, eine Datei auswählen oder per Drag & Drop ablegen.",[335,451,455,460,487,492],{"alt":452,"caption":453,"src":454},"Der Dialog zum Hinzufügen eines Zertifikats mit Typ-Auswahl, PEM\u002FPKCS#12-Umschalter und Upload-Feldern","Hochladen: Typ wählen (Client-Zertifikat oder CA-Bundle), dann PEM einfügen\u002Fper Datei wählen – oder auf .p12\u002F.pfx umschalten.","\u002Fimages\u002Fscreenshots\u002Fcertificates-dialog.png",[322,456,457,459],{},[326,458,328],{}," -- zwei Wege:",[346,461,462,473],{},[349,463,464,467,468,472],{},[326,465,466],{},"PEM",": Zertifikat (",[469,470,471],"code",{},"-----BEGIN CERTIFICATE-----",") und privaten Schlüssel getrennt, optional eine CA-Chain.",[349,474,475,478,479,482,483,486],{},[326,476,477],{},"PKCS#12 \u002F PFX",": eine einzelne ",[469,480,481],{},".p12","- oder ",[469,484,485],{},".pfx","-Datei (enthält Zertifikat + Schlüssel) zusammen mit ihrer Passphrase.",[322,488,489,491],{},[326,490,424],{}," -- das\u002Fdie CA-Zertifikat(e) als PEM.",[367,493,495],{"title":494,"type":370},"Passphrase wird beim Upload verarbeitet",[322,496,497],{},"Ist dein privater Schlüssel mit einer Passphrase geschützt, gib sie beim Upload an. LIVCK entschlüsselt den Schlüssel einmalig und speichert ihn anschließend verschlüsselt – die Probes brauchen die Passphrase danach nicht mehr.",[341,499,501],{"id":500},"einem-service-zuweisen","Einem Service zuweisen",[322,503,504,505,508,509,512,513,516],{},"Beim Anlegen oder Bearbeiten eines ",[326,506,507],{},"HTTP-"," oder ",[326,510,511],{},"SSL-Checks"," erscheint der Abschnitt ",[326,514,515],{},"TLS-Client-Zertifikat & eigene CA",":",[346,518,519,524],{},[349,520,521,523],{},[326,522,407],{}," -- wähle das hinterlegte Client-Zertifikat, das vorgezeigt werden soll.",[349,525,526,529],{},[326,527,528],{},"Dieser CA vertrauen"," -- wähle ein CA-Bundle, dem für das Server-Zertifikat vertraut wird.",[335,531,535,549,552,556,559,578,585,589,619,629,633,648,652],{"alt":532,"caption":533,"src":534},"Der Abschnitt TLS-Client-Zertifikat und eigene CA im HTTP-Check mit zwei Auswahlfeldern","Im HTTP- oder SSL-Check: das hinterlegte Client-Zertifikat und\u002Foder die zu vertrauende CA auswählen.","\u002Fimages\u002Fscreenshots\u002Fcertificate-assign.png",[367,536,539],{"title":537,"type":538},"Private CA + SSL-Verifizierung","tip",[322,540,541,542,545,546,548],{},"Damit ein intern signierter Server als gültig zählt, brauchst du beides: ein ",[326,543,544],{},"CA-Bundle zuweisen"," und die ",[362,547,364],{"href":38}," aktiv lassen. Dann verifiziert LIVCK die Kette gegen deine CA statt gegen die öffentlichen Wurzelzertifikate.",[322,550,551],{},"Beide Felder sind optional und unabhängig: nur Client-Zertifikat (mTLS), nur CA (privater Trust) oder beides zusammen.",[341,553,555],{"id":554},"ablauf-überwachung","Ablauf-Überwachung",[322,557,558],{},"Jedes hinterlegte Zertifikat zeigt in der Übersicht Betreff (Subject), Aussteller, Fingerprint und Restlaufzeit mit Status:",[346,560,561,567,573],{},[349,562,563,566],{},[326,564,565],{},"Gültig"," -- mehr als 30 Tage Restlaufzeit",[349,568,569,572],{},[326,570,571],{},"Läuft ab"," -- innerhalb von 30 Tagen",[349,574,575],{},[326,576,577],{},"Abgelaufen",[322,579,580,581,584],{},"Der Owner der Organisation erhält rechtzeitig eine E-Mail – bei ",[326,582,583],{},"30, 14, 7 und 1 Tag"," vor Ablauf sowie beim Ablauf selbst. So tauschst du ein Zertifikat aus, bevor mTLS-Checks fehlschlagen.",[341,586,588],{"id":587},"sicherheit","Sicherheit",[346,590,591,602,609,616],{},[349,592,593,594,597,598,601],{},"Privater Schlüssel und Material werden ",[326,595,596],{},"verschlüsselt gespeichert"," und ",[326,599,600],{},"verschlüsselt"," zur prüfenden Probe übertragen – nie im Klartext.",[349,603,604,605,608],{},"Nach dem Upload wird das Material ",[326,606,607],{},"nie wieder angezeigt","; sichtbar sind nur die Metadaten (Subject, Aussteller, Ablauf, Fingerprint).",[349,610,611,612,615],{},"Entschlüsselt wird ausschließlich ",[326,613,614],{},"auf der Probe",", im Moment des Checks.",[349,617,618],{},"In Benutzung befindliche Zertifikate lassen sich nicht löschen – entferne sie zuerst von den betroffenen Services.",[367,620,622],{"title":621,"type":538},"Datenresidenz steuern",[322,623,624,625,628],{},"Beim Check liegt der entschlüsselte Schlüssel kurzzeitig im Arbeitsspeicher der ausführenden Probe. Soll er die EU nicht verlassen, weise dem Service unter ",[362,626,627],{"href":74},"Standorte"," ausschließlich EU-Probes zu.",[341,630,632],{"id":631},"verfügbarkeit","Verfügbarkeit",[322,634,635,636,639,640,643,644,647],{},"Eigene Zertifikate sind in ",[326,637,638],{},"allen Plänen"," verfügbar. Das Verwalten erfordert die Berechtigung ",[326,641,642],{},"Zertifikate verwalten"," – der Owner hat sie immer, anderen Mitgliedern kannst du sie über ",[362,645,646],{"href":203},"Rollen"," zuweisen.",[341,649,651],{"id":650},"weiterführende-themen","Weiterführende Themen",[346,653,654,659,664,669],{},[349,655,656,658],{},[362,657,37],{"href":38}," -- Client-Zertifikat & SSL-Verifizierung",[349,660,661,663],{},[362,662,53],{"href":54}," -- Ablauf öffentlich erreichbarer Zertifikate überwachen",[349,665,666,668],{},[362,667,627],{"href":74}," -- festlegen, von welchen Probes geprüft wird",[349,670,671,673],{},[362,672,646],{"href":203}," -- Berechtigungen für Team-Mitglieder",{"title":675,"searchDepth":676,"depth":676,"links":677},"",3,[678,680,681,682,683,684,685,686],{"id":343,"depth":679,"text":344},2,{"id":376,"depth":679,"text":377},{"id":437,"depth":679,"text":438},{"id":500,"depth":679,"text":501},{"id":554,"depth":679,"text":555},{"id":587,"depth":679,"text":588},{"id":631,"depth":679,"text":632},{"id":650,"depth":679,"text":651},"Hinterlege Client-Zertifikate für mTLS und eigene CAs, damit HTTP- und SSL-Checks auch geschützte oder interne Endpunkte erreichen.","md",{},null,{"title":89,"description":687},"rtxeBPdDI9pcp00DTRUl_Zz-fWJi7r2m69sUqJntAFw",1782744039387]