Re: [icinga-users] After update to 2.0.2 Icinga don't read my old certificate

[Michael Friedrich]

Am 07.08.2014 17:17, schrieb Alfonso Pace: Hi, the file exist and I moved the file in your suggested location and checked the owner and permission but this error not change. Could you please be more verbose in what you are doing, and what's the output on your shell. Nobody is able to see it and we all might just guess what you're doing (which may become extremly annoying at some point). Any suggestion? How I can configure icinga user and group in exact mode in /etc/passwd and group in /etc/group? By default, the packages will set up all required users and permissions. You should not change them at all, and it is certainly your own field of problems if you do so (which then will require the -vvvv mode to get an idea what you're doing, see above). Make sure that the '/etc/icinga2/pki' directory and files below are owned by the user Icinga 2 is running as, and re-test. kind regards, Michael My user config actually is the following in /etc/passwd: icinga:x:667:667:icinga:/var/spool/icinga2:/sbin/nologin I have this group in /etc/group: icinga:x:667: Any help is appreciated. Thanks to all for support. 2014-08-07 15:33 GMT+02:00 Gunnar Beutner <gunnar.beut...@netways.de>: Am 07.08.2014 15:25, schrieb Alfonso Pace: > Hi, > I updated my icinga to 2.0.2 version but I have this error in startup: > critical/SSL: Error on bio X509 AUX reading pem file > '/root/icinga-ca/icinga2c.crt': 537346050, > "error:0200100D:lib(2):func(1):reason(13)" > [2014-08-07 15:18:26 +0200] critical/ApiListener: Cannot get > certificate from cert path: '/root/icinga-ca/icinga2c.crt'. This error message is a new feature in 2.0.2. In 2.0.1 Icinga just ignored the error but didn't actually properly initialize the API listener - which means your cluster could not possibly have worked with 2.0.1. You should check whether the file exists and is accessible by the user Icinga 2 is running as. In most cases you'll want to copy them from /root into /etc/icinga2/pki and check the file permissions. > > Why, if my old installation (v2.0.1) worked fine before the update, > now I have this error? > I have my cert in /root/icinga-ca folder and all file have 644 > permission and own icinga:icinga > > My api file is this one: > object ApiListener "api" { > cert_path = "/root/icinga-ca/" + NodeName + ".crt" > key_path = "/root/icinga-ca/" + NodeName + ".key" > ca_path = "/root/icinga-ca/ca.crt" > > } > > It's a bug or when I update to new version, I have to create new > certificates? > Or it's another problem? > Thanks in advance. > > > -- > -- > ATTENTION: Privacy Policy – D.L.gs <http://D.L.gs> 196/2003 > The information contained in this email message are of a private and > confidential nature and are exclusively addressed to the person > indicated above. In case you have received this email in error, we > comunicate to you that by Law, it is forbidden for another person to > use, make known, distribute or copy the contents. You are asked to > report it immediately, replying to the sender and destroying the > contents (including any attached files) without making a copy or > reading the contents. The message and the attachments are protected > and scanned with an antivirus protection > > > _______________________________________________ > icinga-users mailing list > icinga-users@lists.icinga.org > https://lists.icinga.org/mailman/listinfo/icinga-users --  Gunnar Beutner Application Developer NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461 http://www.netways.de | gunnar.beut...@netways.de ** Open Source Backup Conference 2014 - September - osbconf.org ** ** Puppet Camp Duesseldorf 2014 - Oktober - netways.de/puppetcamp ** ** OSMC 2014 - November - netways.de/osmc ** ** OpenNebula Conf 2014 - Dezember - opennebulaconf.com ** _______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users -- -- ATTENTION: Privacy Policy – D.L.gs 196/2003 The information contained in this email message are of a private and confidential nature and are exclusively addressed to the person indicated above. In case you have received this email in error, we comunicate to you that by Law, it is forbidden for another person to use, make known, distribute or copy  the contents. You are asked to report it immediately, replying to the sender and destroying the contents (including any attached files) without making a copy or reading the contents. The message and the attachments are protected and scanned with an antivirus protection _______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users --  Michael Friedrich, DI (FH) Application Developer NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461 http://www.netways.de | michael.friedr...@netways.de ** Open Source Backup Conference 2014 - September - osbconf.org ** ** Puppet Camp Duesseldorf 2014 - Oktober - netways.de/puppetcamp ** ** OSMC 2014 - November - netways.de/osmc ** ** OpenNebula Conf 2014 - Dezember - opennebulaconf.com **

_______________________________________________
icinga-users mailing list
icinga-users@lists.icinga.org
https://lists.icinga.org/mailman/listinfo/icinga-users