Am 13.07.2016 um 19:19 schrieb Michael Friedrich: Hi Michael, >> Any chance to get the openssl error included in the Icinga error >> messsage? >> > > If you can provide a way to reliably test that scenario (certs, configs) > and we only need to fiddle with the error message passed inside the > code, feel free to open a feature request. >
I nailed it down to the following setting within the CA config: nsCertType = server If that is set while the certificate is signed, the validation fails. I could provide the appropriate openssl config, commands to generate the certs and so on, but I'm not sure how you will test this. The certs need to have a valid CN and you would need to have at least a master and a satellite. If you have static hostnames for that, I can just provide the certificates, that would be easier :) Best regards, Stephan _______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users
