I was able to reproduce the problem in my lab however was not able to fix the problem in my DEV environment.... I moved all the certs and run 'icinga2 node wizard' which seemed to generate a new salt. I then restarted icinga2 and generated a new pki ticket for my endpoint still seeing the self signed error in the log. The master also still fails to send or get anything from this node. I have tried using the bootstrap script and the icinga2 wizard on the endpoint.
Looking at the ca cert it seems identical to ones that are working. At this point I'm guessing a problem with the API? Thanks for your reply. Scott. On Mon, Mar 20, 2017 at 3:23 AM, Michael Friedrich <michael.friedr...@icinga.com> wrote: > >> On 17 Mar 2017, at 20:29, Scott <sst...@gmail.com> wrote: >> >> Hi Group. >> >> We are using the bootstrap powershell > > What’s that? > >> and when the certificates get >> created we are seeing this in our Icinga2.log: >> >> [2017-03-17 13:22:01 -0600] information/ApiListener: New client >> connection for identity 'ca1om01d.XXX.com' from [10.1.18.175]:57660 >> (certificate validation failed: code 18: self signed certificate) >> [2017-03-17 13:22:01 -0600] warning/JsonRpcConnection: API client >> disconnected for identity 'ca1om01d.XXX.com' >> >> It seems that all new hosts are causing this error. > > Until they request a ticket which sends them a signed certificate, that’s > perfectly valid. Is that the case for your clients? > > Kind regards, > Michael > >> >> Regards, >> >> Scott. >> _______________________________________________ >> icinga-users mailing list >> icinga-users@lists.icinga.org >> https://lists.icinga.org/mailman/listinfo/icinga-users > > _______________________________________________ > icinga-users mailing list > icinga-users@lists.icinga.org > https://lists.icinga.org/mailman/listinfo/icinga-users _______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users
