[icinga-users] After update to 2.0.2 Icinga don't read my old certificate

Gunnar Beutner gunnar.beutner at netways.de
Thu Aug 7 15:33:53 CEST 2014


Am 07.08.2014 15:25, schrieb Alfonso Pace:
> Hi,
> I updated my icinga to 2.0.2 version but I have this error in startup:
> critical/SSL: Error on bio X509 AUX reading pem file
> '/root/icinga-ca/icinga2c.crt': 537346050,
> "error:0200100D:lib(2):func(1):reason(13)"
> [2014-08-07 15:18:26 +0200] critical/ApiListener: Cannot get
> certificate from cert path: '/root/icinga-ca/icinga2c.crt'.

This error message is a new feature in 2.0.2. In 2.0.1 Icinga just
ignored the error but didn't actually properly initialize the API
listener - which means your cluster could not possibly have worked with
2.0.1.

You should check whether the file exists and is accessible by the user
Icinga 2 is running as. In most cases you'll want to copy them from
/root into /etc/icinga2/pki and check the file permissions.

>
> Why, if my old installation (v2.0.1) worked fine before the update,
> now I have this error?
> I have my cert in /root/icinga-ca folder and all file have 644
> permission and own icinga:icinga
>
> My api file is this one:
> object ApiListener "api" {
> cert_path = "/root/icinga-ca/" + NodeName + ".crt"
> key_path = "/root/icinga-ca/" + NodeName + ".key"
> ca_path = "/root/icinga-ca/ca.crt"
>
> }
>
> It's a bug or when I update to new version, I have to create new
> certificates?
> Or it's another problem?
> Thanks in advance.
>
>
> --
> --
> ATTENTION: Privacy Policy – D.L.gs <http://D.L.gs> 196/2003
> The information contained in this email message are of a private and
> confidential nature and are exclusively addressed to the person
> indicated above. In case you have received this email in error, we
> comunicate to you that by Law, it is forbidden for another person to
> use, make known, distribute or copy the contents. You are asked to
> report it immediately, replying to the sender and destroying the
> contents (including any attached files) without making a copy or
> reading the contents. The message and the attachments are protected
> and scanned with an antivirus protection
>
>
> _______________________________________________
> icinga-users mailing list
> icinga-users at lists.icinga.org
> https://lists.icinga.org/mailman/listinfo/icinga-users


-- 
Gunnar Beutner
Application Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 | Fax: +49 911 92885-77
GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
http://www.netways.de | Gunnar.Beutner at netways.de

** Open Source Backup Conference 2014 - September - osbconf.org **
** Puppet Camp Duesseldorf 2014 - Oktober - netways.de/puppetcamp **
** OSMC 2014 - November - netways.de/osmc **
** OpenNebula Conf 2014 - Dezember - opennebulaconf.com **


More information about the icinga-users mailing list