Icinga certs questions

Icinga 2
,
1

Hello Community and Devs,
I have several questions about what’s possible with icinga CA.

  1. Is it possible (now or in the future) to use an external CA (a company one for example) for icinga to sign endpoints csr instead of using the icinga generated one ?
    As far i understood this related post, it seems possible but may introduce unexpected behaviors which could be hard to debug and solve.
    Own CA for Icinga Cluster/API communication?

  2. Is it possible (now or in the future) to have multiple SAN (suject alternative name, endpoint fqdn for icinga) for an endpoint certificate ?
    The idea is to have both the endpoint fqdn and an other fqdn pointing to a virtual address to ensure high availability.

Thanks by advance,

1 Like
2

Hello there,
Is there any chances this could come true in the future ?

3

Hello @sysres-dev!

  1. You understand the mentioned post correctly. You can use your own CA – at your own risk.
  2. Please describe more detailed what you’d like to do and what for.

Best
AK

4

I agree. I’d like to see it just support standard Openssl and its interactions with CA’s/Cert’s. Or just use the OS Trusted CA’s and certs stores like any application basically. Linux and Windows both have them, and browsers too and its the way of the world nowdays. Only getting more so.