Master, Master HA setup and ca.crt

Hi Icinga Community,

I hope you are all fit and healthy and not being driven crazy by the self-isolating.

Here is a question hope someone can answer.

In the icinga docs here: signing-certificates-on-the-master.

The first paragraph reads:

  • This CA is generated during the master setup and should be the same on all master instances.

This implies that I should copy /var/lib/icinga2/ca/ca.crt from the PRIMARY MASTER to the SECONDARY MASTER.

Is this correct? I read this comment (https://community.icinga.com/t/icinga2-director-configuration-in-ha-master-setup/2471 on this forum that the ca.crt should only reside on one master (see comments from @dnsmichi)

So my question is… Should I copy the ca.crt to the secondary master?

Kind regards
Peter

Yes please copy the same. Don’t copy anywhere else

Thanks @radioactive9

I copied mstr01:/var/lib/ca/ca.crt to mstr02:/var/lib/ca/ca.crt