Installing Icinga Certificate Monitoring on Debian¶
The recommended way to install Icinga Certificate Monitoring is to use prebuilt packages from our official release repository. If the repository is not configured yet, please add it first before installing the package.
All packages we provide are signed with the following key.
Adding Icinga Package Repository¶
Here’s how to add the official release repository:
apt update
apt -y install apt-transport-https wget
wget -O icinga-archive-keyring.deb "https://packages.icinga.com/icinga-archive-keyring_latest+debian$(
. /etc/os-release; echo "$VERSION_ID"
).deb"
apt install ./icinga-archive-keyring.deb
DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${DIST} main" > \
/etc/apt/sources.list.d/${DIST}-icinga.list
echo "deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${DIST} main" >> \
/etc/apt/sources.list.d/${DIST}-icinga.list
apt update
Installing the Package¶
Use your distribution’s package manager to install the icinga-x509
package as follows:
apt install icinga-x509
Setting up the Database¶
Setting up a MySQL or MariaDB Database¶
The module needs a MySQL/MariaDB database with the schema that’s provided in the /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql
file.
You can use the following sample command for creating the MySQL/MariaDB database. Please change the password:
CREATE DATABASE x509;
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE, DROP, ALTER, CREATE VIEW, INDEX, EXECUTE ON x509.* TO x509@localhost IDENTIFIED BY 'secret';
After, you can import the schema using the following command:
mysql -p -u root x509 < /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql
Setting up a PostgreSQL Database¶
The module needs a PostgreSQL database with the schema that’s provided in the /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql
file.
You can use the following sample command for creating the PostgreSQL database. Please change the password:
CREATE USER x509 WITH PASSWORD 'secret';
CREATE DATABASE x509
WITH OWNER x509
ENCODING 'UTF8'
LC_COLLATE = 'en_US.UTF-8'
LC_CTYPE = 'en_US.UTF-8';
After, you can import the schema using the following command:
psql -U x509 x509 -a -f /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql
This concludes the installation. You should now be able to import CA certificates and set up scan jobs. Please read the Configuration section for details.