Skip to content

Installing Icinga Certificate Monitoring on Debian

The recommended way to install Icinga Certificate Monitoring is to use prebuilt packages from our official release repository. If the repository is not configured yet, please add it first before installing the package.

All packages we provide are signed with the following key.

Adding Icinga Package Repository

Here’s how to add the official release repository:

apt update
apt -y install apt-transport-https wget gnupg

wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg

DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
 echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${DIST} main" > \
 /etc/apt/sources.list.d/${DIST}-icinga.list
 echo "deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${DIST} main" >> \
 /etc/apt/sources.list.d/${DIST}-icinga.list

apt update

Installing the Package

Use your distribution’s package manager to install the icinga-x509 package as follows:

apt install icinga-x509

Setting up the Database

Setting up a MySQL or MariaDB Database

The module needs a MySQL/MariaDB database with the schema that’s provided in the /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql file.

You can use the following sample command for creating the MySQL/MariaDB database. Please change the password:

CREATE DATABASE x509;
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE, DROP, ALTER, CREATE VIEW, INDEX, EXECUTE ON x509.* TO x509@localhost IDENTIFIED BY 'secret';

After, you can import the schema using the following command:

mysql -p -u root x509 < /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql

Setting up a PostgreSQL Database

The module needs a PostgreSQL database with the schema that’s provided in the /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql file.

You can use the following sample command for creating the PostgreSQL database. Please change the password:

CREATE USER x509 WITH PASSWORD 'secret';
CREATE DATABASE x509
  WITH OWNER x509
  ENCODING 'UTF8'
  LC_COLLATE = 'en_US.UTF-8'
  LC_CTYPE = 'en_US.UTF-8';

After, you can import the schema using the following command:

psql -U x509 x509 -a -f /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql

This concludes the installation. You should now be able to import CA certificates and set up scan jobs. Please read the Configuration section for details.