diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md
index 249e43ff48b..909efbe851b 100644
--- a/doc/10-icinga-template-library.md
+++ b/doc/10-icinga-template-library.md
@@ -5939,6 +5939,7 @@ ssl_cert_ignore_ocsp_errors | **Optional.** Continue if the OCSP status cannot
 ssl_cert_ignore_ocsp_timeout | **Optional.** Ignore OCSP result when timeout occurs while checking.
 ssl_cert_ignore_sct | **Optional.** Do not check for signed certificate timestamps.
 ssl_cert_ignore_tls_renegotiation | **Optional.** Do not check for renegotiation.
+ssl_cert_dane | **Optional.** Verify that valid DANE records exist ({211,301,302,311,312} or empty string).
 #### jmx4perl
diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf
index 5194ffb1775..62ae886c990 100644
--- a/itl/plugins-contrib.d/web.conf
+++ b/itl/plugins-contrib.d/web.conf
@@ -582,6 +582,11 @@ object CheckCommand "ssl_cert" {
 value = "$ssl_cert_maximum_validity$"
 description = "The maximum validity of the certificate in days (default: 397)"
 }
+ "--dane" = {
+ value = "$ssl_cert_dane$"
+ description = "verify that valid DANE records exist (since OpenSSL 1.1.0)"
+ repeat_key = false
+ }
 }
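Review bot: The `description` of the new `--dane` argument in web.conf does not say which values `$ssl_cert_dane$` accepts, although the documentation row added in the same commit lists `{211,301,302,311,312}` or an empty string. I would carry that into the config and capitalise it like the neighbouring description, e.g. `description = "Verify that valid DANE records exist; value is 211, 301, 302, 311, 312 or an empty string (requires OpenSSL 1.1.0 or later)"`. It is worth confirming that an empty `ssl_cert_dane` really renders as a bare `--dane` rather than dropping the argument, because a silently omitted flag would let the check pass with no TLSA verification at all. `repeat_key = false` only affects array values, so it looks unnecessary here unless several values are meant to be passed at once. The enclosing `object CheckCommand "ssl_cert"` block begins outside this hunk.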