On-demand CSR Signing: Generate request without wizard

This forum was archived to /woltlab and is now in read-only mode.
  • Hello,


    Apologies if this has been asked, I've tried using search engines and searching on this forum but couldn't find my issue.


    I'm attempting to write Ansible roles to deploy Icinga2 and am having issues with certificate signing. According to the docs, on-demand CSR signing is what I want, ie I want the clients to automatically (via ansible) issue a request for a signed certificate, this request would be added to the master's CA list (icinga2 ca list) which we could manually verify and approve. However all the documentation I can find only shows how to do this via the wizard, which I can't use as I don't have an interactive session.


    How do I create a CSR such that it would appear in the `icinga2 ca list` on the master, without using the wizard?


    Thanks

  • Ansible roles should use the ticket signing approach like you are used to it for now, including the pki ticket command on the master. This allows for easier automation than the asynchronous wait for "ca list" to finally popup. The latter works well with non-automation setups.