Not connecting to Endpoint error and certificate validation failed: code 7: certificate signature failure)

Today when I check the event viewer on my windows agent . and I saw many warnings

and when I checked the linux agents .

[

2024-04-11 13:17:01 +0200] notice/ApiListener: Current zone master: AA
[2024-04-11 13:17:01 +0200] notice/ApiListener: Connected endpoints: BB (1)
[2024-04-11 13:17:06 +0200] notice/JsonRpcConnection: Received 'log::SetLogPosition' message from identity 'BB'.
[2024-04-11 13:17:06 +0200] notice/CheckerComponent: Pending checkables: 0; Idle checkables: 0; Checks/s: 0
[2024-04-11 13:17:06 +0200] notice/ApiListener: Setting log position for identity 'BB': 2024/03/14 16:03:18
[2024-04-11 13:17:09 +0200] information/RemoteCheckQueue: items: 0, rate: 0/s (6/min 30/5min 90/15min);
[2024-04-11 13:17:11 +0200] notice/JsonRpcConnection: Received 'log::SetLogPosition' message from identity 'BB'.
[2024-04-11 13:17:11 +0200] debug/ApiListener: Not connecting to Endpoint 'BB' because we're already connected to it.
[2024-04-11 13:17:11 +0200] debug/ApiListener: Not connecting to Endpoint 'AA' because that's us.

I don’t think these are normal .
When I write icinga2 ca list --all it also returns empty. However , I signed certificates when I did the connection I am pretty sure .

Everything works normal but it seems something is wrong .
What could be the reason of these things and how can I solve it ? Anybody have idea ?

Missing, CA file?

Not connecting to Endpoint ‘BB’ because we’re already connected to it.

IMHO, this looks normal if you zones.conf files are configured to connect form both sided.

Hi rivad,

I didn’t make any changes in zones.conf manually, I am using director.
I guess director handles these configs .

I sent CSR requests from agents and signed them from master I remember when I set my system :frowning: .
Do you know how can I fix this CA problem now ?

Do you guys also see this kind of log in your systems ?

Not connecting to Endpoint ‘BB’ because we’re already connected to it.

On the client side, it’s the setup that handles the zones.conf.

I’m using Ansible so I can’t help as much as the ones do it manually.

Thanks ,

Does it mean I need to make changes in zones.conf in the master ? even though I use director .

Probably not, as I only had to do this to get a satellite to work.