> On 15 Jul 2016, at 22:36, Stephan Tesch <step...@tesch.cx> wrote: > > Am 13.07.2016 um 19:19 schrieb Michael Friedrich: > > Hi Michael, >>> Any chance to get the openssl error included in the Icinga error >>> messsage? >>> >> >> If you can provide a way to reliably test that scenario (certs, configs) >> and we only need to fiddle with the error message passed inside the >> code, feel free to open a feature request. >> > > I nailed it down to the following setting within the CA config: > > nsCertType = server > > If that is set while the certificate is signed, the validation fails. > > I could provide the appropriate openssl config, commands to generate the > certs and so on, but I'm not sure how you will test this. The certs need > to have a valid CN and you would need to have at least a master and a > satellite. If you have static hostnames for that, I can just provide the > certificates, that would be easier :)
If you ensure that NodeName = Endpoint object name = CN you can statically test such scenarios. Best practice (same as the cli commands do) is to use the FQDN though. So if you can provide the certificates (CA, 2x client pub and private cert) we can put them in a test scenario and manually set the configuration then. Best would be to open an issue over at dev.icinga.org asking to enhance the log message. Kind regards, Michael > > Best regards, > Stephan > > > > _______________________________________________ > icinga-users mailing list > icinga-users@lists.icinga.org > https://lists.icinga.org/mailman/listinfo/icinga-users -- Michael Friedrich, DI (FH) Senior Developer NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 CEO: Julian Hein, Bernd Erk | AG Nuernberg HRB18461 http://www.netways.de | michael.friedr...@netways.de ** OSBConf 2016 - September - osbconf.org ** ** OSMC 2016 - November - netways.de/osmc ** _______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users
