Hi ALL,
I success to create master->satellite->agente. I tried to create a master->satellite1->satellite2->agente. When I refer satellite1 as parent for satellite2 i got error when the Wizard tried to validaded the CA certs. Please, let me know what I misunderstood.
I have set up Master → Satellite → Satellite → Agent systems and it
works, so there is nothing wrong with your basic idea (even though this
arrangement does not appear in the standard documentation).
That is not necessary. When correctly configured, the Agent sends the
certificate signing request to Satellite2, which passes it on to Satellite1,
which passes it on to the Master, where it can be signed, and the resulting
certificate gets sent back to the Agent.
It is precisely the same as Master - Satellite - Agent (where you do not put
the Master certificate onto the Satellite), just with one extra level of
redirection / forwarding.
Apologies - I was not thinking straight when I said that
You are completely correct - each machine does need to have the Master CA
installed under /var/lib/icinga2/certs/ca.crt (on Debian systems, anyway,
maybe elsewhere on other distros).