Categories: | HowTos |
---|---|
Tags: | Icinga Icinga2 Monitoring |
There are two ways to authenticate as a client to Icinga2: with a username and password, or with a client certificate. For automated queries of the Icinga2 API, client certificates are not only preferable from a security standpoint but also much more practical to implement on the client side.
Unfortunately, the official Icinga2 documentation does not describe the exact certificate creation process, so here is a short guide:
icinga2 feature enable api
icinga2 node wizard
icinga2 pki new-cert --cn <common name> --key <name>.key --csr <name>.csr
The parameter `cn` stands for the so-called common name. This is the name used in the Icinga2 user configuration to assign the user certificate to the user. Usually the common name is the FQDN. In this scenario, however, this name is freely selectable. All other names can also be freely chosen, but it is recommended to use a name that suggests that the three files belong together.
icinga2 pki sign-csr --csr <name>.csr --cert <name>.crt
object ApiUser "<user name>" {
  client_cn = "<common name>"
  permissions = [ <permissions> ]
}
For a detailed explanation of how permissions are assigned to the user, it is worth taking a look at the documentation.
Last but not least, Icinga2 has to be restarted. The user can then access the Icinga2 API without entering a username and password, provided the certificates are passed with the query.
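The client side of such a query, as an added example that is not part of the original post: it presents the signed certificate and key, trusts only the Icinga CA, and refuses a private key that other local users can read. The host name and all file paths are placeholders; it assumes the API listens on the default port 5665 and that the server certificate matches the host name used.

```python
import json
import os
import ssl
import stat
import urllib.request


def key_is_private(key_path):
    """Return True if the key file grants no access to group or others."""
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def build_context(ca_file, cert_file, key_file):
    """TLS context that verifies the server against the Icinga CA only and
    presents the client certificate created with pki new-cert / sign-csr."""
    if not key_is_private(key_file):
        raise PermissionError(f"{key_file} is accessible to group/others")
    # Passing cafile means the system trust store is NOT loaded as well.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def build_request(host, path="/v1/status", port=5665):
    """No Authorization header: the ApiUser is selected by the certificate CN."""
    return urllib.request.Request(
        f"https://{host}:{port}{path}",
        headers={"Accept": "application/json"},
    )


def query(host, ca_file, cert_file, key_file, path="/v1/status"):
    """Send one GET request and return the decoded JSON body."""
    ctx = build_context(ca_file, cert_file, key_file)
    req = build_request(host, path)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder host and paths; replace with your own values.
    result = query(
        "icinga.example.org",
        ca_file="ca.crt",
        cert_file="apiclient.crt",
        key_file="apiclient.key",
    )
    print(json.dumps(result, indent=2)[:500])
```

Certificate verification stays enabled throughout; a client that skips it would hand its requests to any host answering on that port.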
You can read up on the services we provide for Icinga2 right here.
This post was originally written by Bernd Borowski.