Hello,
Thanks for the information, we are still having some problems with the certificate validation. We chose to use the second option wich is the one were we configure the certificate in the agent update rule but when we bake the agent and update the certificate it fails to verify it:
requests.exceptions.SSLError: HTTPSConnectionPool(host=‘SLAVE01’, port=443): Max retries exceeded with url: /Site1/check_mk/deploy_agent.py (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)])”)))
2023-03-13 09:50:10,767 ERROR: HTTPSConnectionPool(host=‘SLAVE01’, port=443): Max retries exceeded with url: /Site1/check_mk/deploy_agent.py (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)])”)))
But when we try to test with openssl or curl, we sucsessfully connect to the Slave and the certificate is verified with 0 errors:
root@hostname:/etc/pki/tls/certs$ openssl s_client -connect SLAVE01:443
CONNECTED(00000003)
depth=1 C = PT, O = ESI, OU = SEGURANCA, CN = CERTIFICATE
verify return:1
depth=0 C = PT, ST = Lisboa, L = Lisboa, O = CLIENT, OU = CLIENT, CN = SLAVE01
verify return:1
…
root@SL000103:/etc/pki/tls/certs$ curl https://SLAVE01/Site1/check_mk/deploy_agent.py --include --noproxy ‘*’
HTTP/1.1 200 OK
Date: Mon, 13 Mar 2023 10:07:10 GMT
Server: Apache
Am I doing something wrong? Thanks if you can help.