Hey guys
I set up a distributed monitoring setup with local Docker containers to test my Ansible role.
But when I sign the certificate from the agent through satellite1 to the master, I get a “not signed by our ca” message. But I’m pretty sure it’s the right CA; I checked the md5sum of all CA certs several times and they are the same.
I am trying to sign the certificates with the CLI (pki) command.
icinga master log:
[2020-02-12 08:51:02 +0100] information/JsonRpcConnection: Received certificate request for CN ‘icinga-agent’ not signed by our CA.
[2020-02-12 08:51:02 +0100] information/JsonRpcConnection: Certificate request for CN ‘icinga-agent’ is pending. Waiting for approval.
icinga-satellite1 log:
[2020-02-12 08:56:55 +0100] information/JsonRpcConnection: Received certificate request for CN ‘icinga-agent’ not signed by our CA.
[2020-02-12 08:56:55 +0100] information/JsonRpcConnection: Sending certificate response for CN ‘icinga-agent’ to endpoint ‘icinga-agent’.
[2020-02-12 08:56:55 +0100] warning/JsonRpcConnection: API client disconnected for identity ‘icinga-agent’
Ansible code:
```yaml
# The ticket is generated on the master, then used by the agent in the last task.
- name: gather ticket from master
  command: /usr/sbin/icinga2 pki ticket --cn icinga-agent
  register: icinga2_ticket
  delegate_to: "icinga-master"

- name: create cert and key on client
  command: icinga2 pki new-cert --cn icinga-agent --key /var/lib/icinga2/certs/icinga-agent.key --cert /var/lib/icinga2/certs/icinga-agent.crt

- name: get trustedcert from parent node
  command: icinga2 pki save-cert --host icinga-satellite1 --trustedcert /var/lib/icinga2/certs/icinga-satellite1.crt

- name: send csr request to parent node
  command: icinga2 pki request --host icinga-satellite1 --ca /var/lib/icinga2/certs/ca.crt --key /var/lib/icinga2/certs/icinga-agent.key --cert /var/lib/icinga2/certs/icinga-agent.crt --trustedcert /var/lib/icinga2/certs/icinga-satellite1.crt --ticket {{ icinga2_ticket.stdout }}
```
I got the same message when I used the node wizard for signing.
Hopefully someone can help me.
BR
Thaja