Hello Robin,
Thank you for the kb. Exactly that is a no go:
Agent Pairing for TLS Encryption
For a user to be able to do the
cmk-agent-ctl register, which is needed to enable the TLS encryption (available from 2.1.0 onwards), you have to add the following rights (internal name “general.agent_pairing”) to his/her role.
- Agent pairing
- Read access to all hosts and folders
- Write access to all hosts and folders
regards
Michael