TLS-Configured Windows CMA Checks Failing on Linux Poller (cmd.exe / plugin path errors)

Hi, thanks for your interest in Centreon Monitoring Agent.

Did you followed this documentation to configure the platform, poller and Agent ? 

Could you provide your Centreon & Agent version ?

Hello fmattes, 

my centreon version is : v. 24.10.7

and the agent version i tried to use is : centreon-monitoring-agent-25.01.0

I assume that these are the latest versions and therefore the possibilities for success are already given.

I also followed the documentation but I don't understand what the certificates are all about. Where do I create them and especially how?

I also don't understand which certificates I should create and which I should transfer to the clients. I would have liked to see this in the documentation.

Thanks for your answer.

Yes, it should work, and we're going to make sure that it does.

Could you check your Host “CENTREONAGENTPLUGINS” and “SYSTEMLANGUAGE” macros values ?

It should be 

• CENTREONAGENTPLUGINS : C:/Program Files/Centreon/Plugins
• SYSTEMLANGUAGE : en or fr, depending on your Host OS language

This is the current situation,the client os is installed in german. 

The CMA client is also installed onto this client but unable to start somehow. 

I can see in services.msc that centreon monitoring instantly “Crashes” or closes after i start it. 

About certificates,

On Poller, files must be dropped (.crt/.key) in /etc/pki/ with the following rights : 

chmod 644 /etc/pki/agent*

On Host, files must be dropped anywhere you want, and path specified in installer

You can generate an autosigned certificate on your Poller with the following command : 

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509  -keyout /etc/pki/agent.key -out /etc/pki/agent.crt -subj '/CN=poller'

Then put the CN (in this example : ‘poller’) as Host IP in Agent configuration, on Host.

About which files to drop where, it depends which connection mode you are using “Connection initiated by Agent or by Poller”, and if you are using autosigned or signed certifcates.

Details are provided in this part of the documentation.

If not clear enough, let me know what is missing, and if needed we will plan a meet to solve your issue.

I send you a private message to plan a meet

i have stupid a question, the certificates on the host, they have to be the poller”s certificates or the host’s certificates ? i wanna mean private key and public key ...

Iam currently not very sure. But once I have the cma running. I will write a report on how to set it up properly 

it’s about that I ask the question, on the documents from Centreon it’s not very clear, we don’t know on the host whether it’s certificates’ own or the certifcates from the poller...if ​@fmattes  can answers it will be very nice 😁   

Hi,

There is no stupid question :)

The certificate can be generated anywhere (on Poller, or wildcard), but his Common Name must mach with the Poller DNS used in Poller endpoint field, in Agent configuration (on Host).

We will enhance documentation on this part.

An enhancement is studied (TLS Insecure mode) to allow configuration of certificates whitout Common Name matching, which will allow to fill Poller endpoint with IP address, without having to edit /etc/hosts/.

Please note that, depending on the connection mode, the server is the Poller OR the Host, so the certificate files must be copied differently, as presented in the following schema : 

Let me know if you need mor explaination

ok if I so understood, in the case where the connection is initiated by the poller, on the host, it must have the poller’s certificate in (poller.crt and poller.key)  with a DNS enable or the host file completed with ip & hostname from the certificates ,right ?

That’s correct, the server must care .crt & .key, in this case, this is the Host.

for me something is wrong, the poller.key is a private key, it has to stay private on the poller. why we must downloaded it on some hosts ? this certificate is used for checking the poller’s public key from a customer (host) in our case… 🤔