[dev.icinga.com #8465] Add the ability to use a CA certificate as a way of verifying hosts for CSR autosigning #2634
Comments
|
Updated by gbeutner on 2015-02-18 07:16:27 +00:00
|
|
Updated by Anonymous on 2015-02-18 07:16:31 +00:00
Applied in changeset 33e747a. |
|
Updated by gbeutner on 2015-02-18 07:19:21 +00:00 Please test this. Here's a short description how this works: a) Icinga ignores the ticket if - and only if - the client has a certificate that is already signed by at least one of the CA certificates in your certificate chain file (ca.crt), this implies that you need to add the public puppet CA cert in your ca.crt file (in addition to the Icinga CA cert which should already be there). |
|
Updated by mfriedrich on 2015-03-09 09:51:43 +00:00
|
|
Updated by gbeutner on 2015-03-18 17:42:39 +00:00
|
icinga-migration
added
enhancement
This issue has been migrated from Redmine: https://dev.icinga.com/issues/8465
Created by nick on 2015-02-17 18:38:01 +00:00
Assignee: gbeutner
Status: Resolved (closed on 2015-02-18 07:16:31 +00:00)
Target Version: 2.3.0
Last Update: 2015-02-18 07:19:21 +00:00 (in Redmine)
The use case for this is using a Puppet agent's cert and key on the Icinga 2 client to make a CSR against an Icinga 2 master. The Icinga 2 master would use the Puppet master's CA certificate to verify the Puppet agent cert used by the Icinga 2 client when the client makes a CSR request.
Changesets
2015-02-18 07:13:44 +00:00 by (unknown) 33e747a
Relations:
The text was updated successfully, but these errors were encountered: