Liked TomGelf’s post in the thread Is rerunning the kickstart wizzard from the cli really save ?.Like (Post)sru : I guess the part mentioning the `kickstart.ini` on the page you linked might help.
I need to correct myself, the CA regeneration does not work with the icinga2 pki command. This expects to sign a client certificate only and sets the v3 extensions to CA:FALSE, which remains broken.
A working example is to create an extensions file…
Replied to the thread ca.crt verification error with openssl 1.1.0 (illegal zero content in Field=serialNumber).PostThanks a lot, my post was just to late, haven't seen your last post before i started my post.
I have recreated the certificate again with your extension settings. All looks very well now.
Replied to the thread ca.crt verification error with openssl 1.1.0 (illegal zero content in Field=serialNumber).PostI did some further Testing
(Quote from dnsmichi)
will not work for the remote nodes:
(Code, 1 line)
This works, but maybe does not have the proper extensions:
(Code, 9 lines)
I just tested this on Debian 9 and it worked too.