Jobs silently fail to retrieve certificates #210
Comments
Hi @JA-HBK, thanks for reporting.
Can you also please share the error as well?
How do you run the job? Like using the
Is this the Icinga PHP library version you are using? x509 version
Hello @yhabteab
Can you please share then the
    openssl x509 -in yonas.crt -noout -text | grep -A 3 'Subject Alternative Name'
Note: You have to adjust the certificate name.
The output should look something like this:
    X509v3 Subject Alternative Name:
        email:yonas@icinga.com, URI:überögabeä@
Please also share a screenshot of the
I'm also running out of ideas 😔. How did you create the database?
And what is the output of this command:
And why is it failing only due to this particular certificate, while the others are working correctly (assuming you're able to import/scan other certificates without issues)?
Hey @yhabteab
Sorry for the delay in my response.
I created the DB following the instructions in the module here.
Listing DBs with that psql command, I can see that it's utf8 encoded with en_US.UTF-8 as both the Collate and Ctype, which seems correct based on the docs.
I am able to scan and import other certificates without a problem. It insists that this one has some kind of non-utf8 character though, which I can't find anywhere in the cert.
However, I think that the problem with this specific certificate is more captured under the report I opened: #160. I think we've started to muddle this thread with that one. (I'm guilty of this as well.)
The main issue I wanted to raise for this thread in particular is that the job to scan this certificate is failing silently when there are other hosts to scan in the job CIDR, but it fails with an error message when it only scans this one certificate. I think it should raise an error whether or not the job is scanning multiple targets.
Describe the bug
I have a job set up to scan a subnet and collect certificates.
There is a host on that subnet with a certificate that contains characters that cannot be written to the DB, so that host's certificate is not captured (if interested, see issue for additional details on the problem with this cert).
When I attempt to upload the problematic cert manually, or even when I create a job to scan just that one host, I see a failure message that the certificate cannot be written to the database. This is what I would expect.
However, if I create a job to scan a subnet of which that host is a part, that job will NOT fail. I would expect the job to fail when it finds the un-writeable certificate. Instead, it continues scanning without ever raising an error. The host's certificate is not written to the DB, but I have no indication that the failure has occurred.
To Reproduce
Expected behavior
I would expect the job to continue scanning other hosts in the subnet and writing their certificates to the DB, but I would expect some stderr output to indicate that an error occurred.
Your Environment
Icinga Web 2 version: 2.11.4
ipl version: 0.11.1
thirdparty version: 0.11.0
x509 version: 1.2.1
x509 db backend: Postgres 12.9
PHP version: 7.3.11
Web browser used: N/A. Commands executed through ssh connection to Icinga master
Icinga 2 version used (icinga2 --version): r2.13.6-1
Server operating system and version: CentOS 7
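The behavior requested under "Expected behavior", as an added example that is not part of the original report and not the x509 module's code: a multi-target scan loop that keeps going after one certificate cannot be stored, but reports the failure on stderr and through the exit status. The host addresses, the `run_job`/`store_certificate` names and the Latin-1 encoded sample field are constructed assumptions; the UTF-8 decode stands in for a UTF8 database rejecting an invalid byte sequence.

```python
import sys
from dataclasses import dataclass, field

# Constructed sample data: (host, raw SAN bytes as read from the certificate).
# 10.0.0.12 carries a Latin-1 encoded URI, which is not valid UTF-8.
SAMPLE_TARGETS = [
    ("10.0.0.11", b"DNS:web01.example.com"),
    ("10.0.0.12", "URI:\u00fcber\u00f6gabe\u00e4@".encode("latin-1")),
    ("10.0.0.13", "email:yonas@icinga.com".encode("utf-8")),
]


@dataclass
class ScanResult:
    stored: list = field(default_factory=list)
    failed: dict = field(default_factory=dict)  # host -> error text

    @property
    def exit_code(self):
        # Non-zero when any target failed, so cron/systemd/monitoring notices.
        return 1 if self.failed else 0


def store_certificate(db, host, san_bytes):
    """Hypothetical stand-in for the DB write; rejects invalid UTF-8 input."""
    db[host] = san_bytes.decode("utf-8")  # raises UnicodeDecodeError on bad bytes


def run_job(targets, db, log=sys.stderr):
    result = ScanResult()
    for host, san in targets:
        try:
            store_certificate(db, host, san)
            result.stored.append(host)
        except (UnicodeDecodeError, OSError) as exc:
            # Isolate the failure to this target, but never swallow it.
            result.failed[host] = f"{type(exc).__name__}: {exc}"
            print(f"ERROR {host}: certificate not stored: {exc}", file=log)
    print(f"scan finished: {len(result.stored)} stored, "
          f"{len(result.failed)} failed", file=log)
    return result


if __name__ == "__main__":
    sys.exit(run_job(SAMPLE_TARGETS, {}).exit_code)
```

Run over the constructed targets, the two good hosts are stored, the failing host is named on stderr, and the process exits with status 1 instead of 0.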