CMK version: 2.0.0p** (prod) and 2.1.0 (test)
OS version: Docker
Hi all
We are starting to set up distributed automatic agent updates. As the central site uses a certificate signed by an internal CA, we need remote sites to trust it. To achieve this, we added the root CA to Global settings → Trusted certificate authorities for SSL.
However, this does not work for us. The CA certificate configuration seems to not be replicated to remote sites:
-
ca_certificates.mk
is missing entirely frometc/check_mk/multisite.d/wato
-
ca_certificates-sitespecific.mk
does only contain the WATO header - checking in
etc/ssl
andvar/ssl
, the certificates are not present there
The CAs are only replicated to the remote site when explicitely configuring them per site in Distributed monitoring. This is not a configuration we plan to maintain, though
Do any of you run a similar configuration that works?
Are we missing/misunderstanding something?
Thank you and have a nice day