Master endpoint name / certificate name

Hello,

We are building a new icinga2 full setup to migrate from our actual setup for a couple of reasons but, one question, in our actual setup all agent/satellite are reaching the master with hostname.fqdn, 'cause at this moment we are using a sub-domain of our primary domain BUT in our next setup we are using a complete different domain that will be used ONLY for that…

So the question is, what’s the best approach if we want to reach the master only using “domainname” instead of the fqdn…

The domain itself point to the “master” machine, our question is more related to the “certificate”, I think…

The master node is having a name of course, but when doing the icinga2 node wizard setup for the master, we fill the Common name with the domain only instead of the host.fqdn, is it a good way ?

We are doing that so our clients can just type the domain when setting up a new client instead of having to remember the hostname and domain…

certificates shouldnt be the problem since they are selfsigned. If you by any chance overwrite the CA you have to generate new certificates.

The master node is having a name of course, but when doing the icinga2 node wizard setup for the master, we fill the Common name with the domain only instead of the host.fqdn, is it a good way ?
→ if it this name point to the master it’s ok

Yes, it is only a matter of the cn in the certificate, so Icinga 2 is using per default the output of hostname -f, but allows to set the constant Nodename to override it with any name. Do this before setting up the certificates or recreate the certificates afterwards.

1 Like

sorry, i forgot about the cn mismatch