Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

- Check data sent by the agent to openITCOCKPIT in push mode are evaluated directly. The latest version is always saved in the database to enable a later fluid agent configuration.


Certificate authentication

As standard, openITCOCKPIT is the CA (certification authority) for generating the agent's required certificates for an HTTPS connection.


Push Mode:

The agent creates a certificate request that is sent to the openITCOCKPIT server.

Im openITCOCKPIT muss in der Agent Overview im Bereich Untrusted Agents dem Agent mit entsprechendem Host und IP manuell vertraut werden.

In openITCOCKPIT, the agent with the corresponding host and IP must be trusted manually in the Agent Overview in the Untrusted Agents area.

  • if the agent is not yet trusted, the agent receives a corresponding error message and tries again after 10 minutes.
  • if the agent has been trusted, the next request will be answered with the certificate.

Pull Mode:

If the AutoSSL option has been activated in the openITCOCKPIT configuration interface for the agent, a connection to the agent web server is established after the services have been created in order to obtain a new certificate request.

Since the "try-autossl" option is activated by default in the agent's configuration file, a certificate request is generated and returned. If this option is deactivated, nothing further happens.

If a valid certificate request has been returned to openITCOCKPIT, it is signed and the resulting certificate (as well as the current CA certificate) is sent to the agent.


A client certificate of a configured CA is then required to access the agent web server.

Requests to the agent web server without a certificate issued by the same CA are rejected.


Known problems

C - Compatibility with Linux systems

...