I use icingaweb2 2.12.2. I would like to configure the icingadb module to use tls to connect to redis. Redis is on the two icinga master servers and icingaweb2 runs on a separate server. I have a configuration file /etc/icingaweb2/modules/icingadb/redis.ini like this:
With this configuration, I get the following error message in icingaweb2:
Can't connect to Redis: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000086:SSL routines::certificate verify failed
When I interactively copy the certificates and the key in the redis-configuration of icingadb in icingaweb2 and save the configuration, everything works fine.
Is there no way to use the filenames in redis.ini? Is this a bug?
Are you sure your redis.ini file is correct? I have just configured a CA certificate on my test setup and a ca option appeared in the [redis] block, not tls_cacert.
Could you please try to recreate the configuration from the web and compare it with your configuration?
Otherwise, could you please try to use the openssl client command line utility to connect to your Redis server with the CA certificate and the client certificate?
Hi Alvar
Thanks for your reply.
After many tests and looking into the php code, I finally found a working solution. The problem was, that I put some values into the wrong configuration file. There are the three files commandtransports.ini, config.ini and redis.ini in /etc/icingaweb2/modules/icingadb. When you want to configure redis with a password and tls, you need the following configuration (filenames can be changed as you wish):
config.ini: