Hello everyone,
I have inherited a multisite CheckMK instance. After having a look around and upgrading everything, I also realized there are very old Root certificates. There self signed certificates had a thousand years validity period and only 2048 Bit keys.
I got a subordinate CA certificate for CheckMK from our enterprise Root CA and would like to integrate this to our enterprise PKI. I already added the enterprise Root and cmkSubCA certificates to the trusted certs. I replaced them on the filesystem (just for Site CA and Agent signing for now). Can I somehow trigger Check MK to regenerate site certificates?
Also what do I need to look at wehen replacing the message broker and relay CA certificates?
I appreciate any insight because I couldn’t find sufficient documentation. I understand CheckMK is a standalone system by default, but an integrated enterprise PKI would be neat. We are using the pro version.