[icinga-users] Verifying certificate requests with On-Demand CSR signing

Peter Eckel lists at eckel-edv.de
Sun Nov 19 19:04:30 CET 2017


Hi, 

first of all, a big thank-you to the Icinga team (and VW :-)) for the new On-Demand signing feature and CA Proxy. Quite exactly what I was waiting for, given the fact that I'm running a couple of multi-level Icinga 2 setups. 

However, in my current lab experiments with the new features I'm stuck at a point where I want/need to verify the fingerprints of CSRs submitted to the CA, but ... how? 

The fingerprint shown with 'icinga2 ca list' looks like an SHA256 hash of something. But unfortunately I can't find out what it is an SHA256 hash of, and so I can't verify the requests ... which is even worse as the goal is to automate the process altogether. On the other hand, even with manual verification there's still the problem that I need to compare it to something, and the only thing I have is the fingerprint (and host name/timestamp) 'icinga2 ca list' gives me.

Any hints where I can look? 

Best regards, 

  Peter.


More information about the icinga-users mailing list