Skip to content

Improve/doc/csr-signing-without-parent-connection-addition #10782

@Wintermute2k6

Description

@Wintermute2k6

Issue

Customer requested the addition of the following to the documentation.
The Customer wanted the --parent_host parameter explained.

Describe the solution you'd like

The request was to add the following into the documentation.

diff --git a/doc/19-technical-concepts.md b/doc/19-technical-concepts.md
index d268ea7cf..a41c46008 100644
--- a/doc/19-technical-concepts.md
+++ b/doc/19-technical-concepts.md
@@ -578,9 +578,14 @@ This takes some minutes and requires all nodes to reconnect to each other.
 There is an additional scenario: The setup on a child node does
 not necessarily need a connection to the parent node.
 
-This mode leaves the node in a semi-configured state. You need
-to manually copy the master's public CA key into `/var/lib/icinga2/certs/ca.crt`
-on the client before starting Icinga 2.
+Running `icinga2 node setup` without using the `--parent_host` argument will leave
+the node in a semi-configured state. I.e., you will need to manually copy the master's
+public CA key into `/var/lib/icinga2/certs/ca.crt` on the client before starting 
+Icinga2. After which the TLS communication can be established.
+
+To complete the certificate signing, the `icinga2 ca list` and `icinga2 ca sign`
+commands must be used on the Icinga CA server to complete the certificate signing
+process if no ticket was provided using the `--ticket` argument.

Describe alternatives you've considered

You could list and describe all the available parameters.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions