Icinga2 - Newbie (apologies for the silly question(s)...)

  • Hi all,

    I am doing a little project for myself where I am deploying Icinga2 in my Linux environment and have run into an issue when trying to get the client talking to the master - summary below.

    Master Node is Setup / Webpage working also - no issues as of now

    On the client I have installed the Icinga2 package and then when I go to run the wizard and point it towards the master I get this message after I provide the ticket generated on the master:

    ```
    critical/cli: Invalid ticket.
    critical/cli: Failed to fetch signed certificate from master 'XXXXXXXXXX, 5665'. Please try again.
    ```

    When I tail the logs on the master I see:

    ```
    New client connection for identity 'xxxxxxxxxxxxxxxxx' (client certificate not signed by CA)
    PI client disconnected for identity 'xxxxxxxxxxxxxxxxxxxx'
    ```

    So I then went looking at OpenSSL commands and found that when I verify the client's certificate and its received `ca.crt` in `/etc/icinga2/pki` I get the below error on the client:

    ```
    openssl verify -verbose -CAfile /etc/icinga2/pki/ca.crt /etc/icinga2/pki/XXXXXXXXXX.crt
    /etc/icinga2/pki/XXXXXXXx: CN = XXXXXXXXXXX
    error 18 at 0 depth lookup:self signed certificate
    ```

    So any help will be greatly appreciated please.

    Thank you.

  • The client created a self-signed certificate but did not receive a signed certificate through CSR-autosigning. The ticket generated on the master was invalid - how did you create it? Please use telling names, such as myhost1.localdomain.
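
Why a ticket the master generated can still be rejected as invalid, shown as an added example that is not part of the thread or Icinga's own code. It assumes the ticket is the hex PBKDF2-HMAC-SHA1 of the client's CN, salted with the master's TicketSalt (50000 iterations); `explain` is a hypothetical helper and the salt is a constructed value.

```python
import hashlib
import hmac

# Assumption: Icinga 2 derives a ticket as hex(PBKDF2-HMAC-SHA1(CN, TicketSalt))
# with 50000 iterations and a 20-byte output.
ITERATIONS = 50000


def make_ticket(cn: str, ticket_salt: str) -> str:
    """Ticket the master would issue for this exact CN."""
    raw = hashlib.pbkdf2_hmac("sha1", cn.encode(), ticket_salt.encode(),
                              ITERATIONS, dklen=20)
    return raw.hex()


def check_ticket(cn: str, ticket_salt: str, presented: str) -> bool:
    """Recompute from the CN in the signing request, compare in constant time."""
    expected = make_ticket(cn, ticket_salt).encode()
    return hmac.compare_digest(expected, presented.strip().lower().encode())


def explain(wizard_cn, presented, ticket_salt, other_cns):
    """Hypothetical helper: say why a ticket is rejected for wizard_cn."""
    if check_ticket(wizard_cn, ticket_salt, presented):
        return "valid"
    for cn in other_cns:
        if check_ticket(cn, ticket_salt, presented):
            return f"issued for CN '{cn}', not '{wizard_cn}'"
    return "matches no known CN: wrong TicketSalt or mistyped ticket"


if __name__ == "__main__":
    SALT = "constructed-example-salt"      # constructed, not a real TicketSalt
    ticket = make_ticket("myhost1", SALT)  # ticket generated for the short name
    names = ["myhost1", "myhost1.localdomain"]
    # Wizard run with the FQDN while the ticket was made for the short name:
    print(explain("myhost1.localdomain", ticket, SALT, names))
    # Same CN on both sides:
    print(explain("myhost1", ticket, SALT, names))
    # Master's salt differs from the one the ticket was made with:
    print(explain("myhost1", ticket, "another-constructed-salt", names))
```

Under that assumption, the CN entered in the client wizard has to match the CN the ticket was generated for character by character, which is why a clear, consistent host name matters.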

  • I followed the wizard for the master which generated the ticket for me.

    To be honest I am not sure where to go with this or how to correct it.