CMK version: 2.1.0p19.cee
OS version: Debian 11
Dear all,
as the agents complained because of cert expiry, we changed our SSL certificate from a custom CA to a commercial wildcard certificate we already possess for other services, with the occasion that our custom had expired.
I applied the certificate both in the trusted certificate authorities as well as for the apache SSL for HTTPS access.
Now I wanted to bake and sign the agents again… After doing that with the previously used key, the https server access in the agents description still points to the old certificate (I also checked in ./etc/check_mk/cmk-update-agent.cfg) and it is actually still the old one.
Should I execute some command on the specific site in omd to set the correct one there? Or am I completely off track? Quick overview of what done till now:
- Changed the trusted cert authority to the new one (trust system wide configured CAs)
- Changed and checked the correct access and the full chain availability and https access is fine
- Now we want to bake agents in order to make them use the new cert (it would be no great deal for me to do that manually or use ignore cert for a first update register)
Could be that I miss something very basic regarding the concept of how certificates are applied in checkmk even though I watched relevant videos so I apologize in advance and ask for patience. I tried to find answers to this or a well described procedure to use when someone changes/updates certificates but to no avail.