Installing Icinga Certificate Monitoring on Amazon Linux¶

The recommended way to install Icinga Certificate Monitoring is to use prebuilt packages from our official release repository. If the repository is not configured yet, please add it first before installing the package.

All packages we provide are signed with the following key.

Adding Icinga Package Repository¶

Info

A paid repository subscription is required for Amazon Linux 2 repositories. Get more information on icinga.com/subscription.

Don’t forget to fill in the username and password section with appropriate credentials in the local .repo file.

Here’s how to add the official release repository:

curl https://packages.icinga.com/subscription/amazon/ICINGA-release.repo -o /etc/yum.repos.d/ICINGA-release.repo

Installing the Package¶

Use your distribution’s package manager to install the icinga-x509 package as follows:

Amazon Linux 2023Amazon Linux 2

dnf install icinga-x509

yum install icinga-x509

Setting up the Database¶

Setting up a MySQL or MariaDB Database¶

The module needs a MySQL/MariaDB database with the schema that’s provided in the /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql file.

You can use the following sample command for creating the MySQL/MariaDB database. Please change the password:

CREATE DATABASE x509;
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE, DROP, ALTER, CREATE VIEW, INDEX, EXECUTE ON x509.* TO x509@localhost IDENTIFIED BY 'secret';

After, you can import the schema using the following command:

mysql -p -u root x509 < /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql

Setting up a PostgreSQL Database¶

The module needs a PostgreSQL database with the schema that’s provided in the /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql file.

You can use the following sample command for creating the PostgreSQL database. Please change the password:

CREATE USER x509 WITH PASSWORD 'secret';
CREATE DATABASE x509
  WITH OWNER x509
  ENCODING 'UTF8'
  LC_COLLATE = 'en_US.UTF-8'
  LC_CTYPE = 'en_US.UTF-8';

After, you can import the schema using the following command:

psql -U x509 x509 -a -f /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql

This concludes the installation. You should now be able to import CA certificates and set up scan jobs. Please read the Configuration section for details.