Combine private and public keys into one file.

icinga-app/icinga-c1.crt

@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJERTEQ
-MA4GA1UECAwHQmF2YXJpYTESMBAGA1UEBwwJTnVyZW1iZXJnMRUwEwYDVQQKDAxO
-RVRXQVlTIEdtYkgxHDAaBgNVBAMME0ljaW5nYSBTbmFrZSBPaWwgQ0EwHhcNMTIw
-NDI0MTE0NzQ2WhcNMTMwNDI0MTE0NzQ2WjBeMQswCQYDVQQGEwJERTEQMA4GA1UE
-CAwHQmF2YXJpYTESMBAGA1UEBwwJTnVyZW1iZXJnMRUwEwYDVQQKDAxORVRXQVlT
-IEdtYkgxEjAQBgNVBAMMCWljaW5nYS1jMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAysHrzHs9WfQR4cEUx2hFZQmbM+Ssi5L63yqnzxEvVQ3GlM+uIceK1Kvx
-9EexoUDLhxJOaUmigc6Pcs2mAjcpEwObnzW4pLuMKa7ngGLrnUpmmDXdGoxkCbi7
-CP3s5yC7ZZ6bDiPMhRi/TRvY6+uQf+yew5daA3p87jocgRjhRicCAwEAAaN7MHkw
-CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
-dGlmaWNhdGUwHQYDVR0OBBYEFPzsYbQZdbq+pcFJWoenWREW6WhMMB8GA1UdIwQY
-MBaAFNVJHVPJNwqEcG51lpqZJWVPaysFMA0GCSqGSIb3DQEBBQUAA4GBAMLP1GJf
-0hFdrEpGq+NvxTVx7wD30enAot5x2HLx4HuFohQJz/VZ45v+srrA+HEXbBFXPOd4
-nB2XtcDDidFKTt5E03HBwDGGZvnB3f1KXYi7B50imKrwVVzgp5nGBM4hSzWGovEX
-EYofmhk0fQg9qiKQrjwNib/4/b0srwEswfdj
------END CERTIFICATE-----

icinga-app/icinga-c1.key

@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMrB68x7PVn0EeHB
-FMdoRWUJmzPkrIuS+t8qp88RL1UNxpTPriHHitSr8fRHsaFAy4cSTmlJooHOj3LN
-pgI3KRMDm581uKS7jCmu54Bi651KZpg13RqMZAm4uwj97Ocgu2Wemw4jzIUYv00b
-2OvrkH/snsOXWgN6fO46HIEY4UYnAgMBAAECgYBj/1QOG1HcxXT0REe9OP3QoPY8
-l7FJfQnheqYch7syVYL07aBR5Jnh3ZONCLbgcpZuXWbyonBVWMyCsE4Jla7ZYnBB
-plZPMYmzGxEbTM5Bu+PZ0M1NLvdLCRq24IVwTZwBBZ3sr7rVSnAYi2Li0SWQEaCN
-P+PbZP1P9i9WiI+VIQJBAPYBfVWNk3gY1V0YuuH9fmYRBg5/B1qy8bYS9FLVIq2z
-5r7eI1EypcVtyTx6yMmLuWj4mpNOKv5sxQsHalzRo18CQQDS/qPoDqMkDB9r9XeZ
-qS2XQdX6YxzGisqL8vWcZ/Y6YX81qm3Lpp2wEexUXvWXRI5RdguctZFKTVyG/Mic
-C9o5AkAEtvKX+SaiXpd4OUkbm6gYfKsJDBYv/s3zF1nnXH5VpeT+M3Op0raqmfgJ
-WLEQa8UZ5enQeOcKCTudgn7fWIUxAkEAmXWfXP6YZXVzvR+xt08225aEvTItEbKM
-krFJNlLe4aNb1Hp6lO5ALnk6vDq8wSKZqGIFHBtq6vHNZFiix+xO8QJAIZ3pB/Bz
-Il8NjZMg8t/1sJdn32Xe9D0lZRtZTKC8zF/78NDFEo9qqE4Sr1CUfqlx18HXOxCO
-Vg4lv6+jUj+LmA==
------END PRIVATE KEY-----

icinga-app/icinga-c2.crt

@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJERTEQ
-MA4GA1UECAwHQmF2YXJpYTESMBAGA1UEBwwJTnVyZW1iZXJnMRUwEwYDVQQKDAxO
-RVRXQVlTIEdtYkgxHDAaBgNVBAMME0ljaW5nYSBTbmFrZSBPaWwgQ0EwHhcNMTIw
-NDI0MTE0NzU1WhcNMTMwNDI0MTE0NzU1WjBeMQswCQYDVQQGEwJERTEQMA4GA1UE
-CAwHQmF2YXJpYTESMBAGA1UEBwwJTnVyZW1iZXJnMRUwEwYDVQQKDAxORVRXQVlT
-IEdtYkgxEjAQBgNVBAMMCWljaW5nYS1jMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEArOcVui1AWojbPuK/7We9uwIBLaOLfBxQRI3+k6PzzjdtaXT4ijT/DSav
-Q5U4wGOLYh0yuSyqS88QX/DsqDGLXnSVs8mT37bioMOw2XinqaNQ6xK4vyi0FYxS
-ewI6YOkYi7135NEaSUgd82hk4wFtiIb67T7hkHRc7Aui6FmT/SkCAwEAAaN7MHkw
-CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
-dGlmaWNhdGUwHQYDVR0OBBYEFGvpolD5na6L70kNFO1tYGYIwDhqMB8GA1UdIwQY
-MBaAFNVJHVPJNwqEcG51lpqZJWVPaysFMA0GCSqGSIb3DQEBBQUAA4GBAIhhjKWw
-5JKirNidgG9PuD8x47VsRTkESLlq/pS7KjkE1nWCG9JpR5oVSzx2WXomiaAZ4q2C
-WS1z4HD9HF4NbhY+xVBi0Fj/kotuXCCweRo5EVp7Q4fabm1maJemFwMTHGhBLu7a
-v4dquYyOk9Dhkwcjajyn+KWceCoUTdI3LB2t
------END CERTIFICATE-----

icinga-app/icinga-c2.key

@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKznFbotQFqI2z7i
-v+1nvbsCAS2ji3wcUESN/pOj8843bWl0+Io0/w0mr0OVOMBji2IdMrksqkvPEF/w
-7Kgxi150lbPJk9+24qDDsNl4p6mjUOsSuL8otBWMUnsCOmDpGIu9d+TRGklIHfNo
-ZOMBbYiG+u0+4ZB0XOwLouhZk/0pAgMBAAECgYEAkbEavslYm7EMRX4dyXcMCaNT
-yNgxNcBJ5qpbpJ6XVuGfoSf+Mb8cV0GMl38K1hpLHb6Kujwntz9ghedmEwfEbcw0
-TkSaNz1+7omM+485S2YvXJyR1kO8eEKONVlGuxgO/ItiR+e1J6wMnY5JhctgRH6W
-aOqy+5Ua1ATIdiOYrI0CQQDku3CNDOipwDmguBIrlxa+6NsATJRjqFmHqWdu2pYh
-KRl3Sypn+LfhdFRbo3licU5a1OqydGmVpRTpQPJO7MoHAkEAwYPQIGZd/60O2LWV
-M5eLnwKrrQSfrQ/Lngz0Qko4Yo913Ef2PC2QQ6p9cOt3vMPZDK5znlzQbBCa6cAH
-tBvzTwJAT+uaaP5wsRdkS17lomt5XB1aoCEh3Cxvk/JCHL6tpEqLBl6yI4AJJ/KQ
-ozBccmQqv5wToWUBm3MB+nph7+fWswJAMKcQQ6UZCvganHeCzJbUXqUQPo7ECoHH
-IrSFEMmSRY1mB3z8NoMKG0kZArPgxc/DmUGfBfi12gWOvSgvh6PjVwJBALKECoe5
-nmxhHTFbs4+UCFTzp6BGtSBdr6to0ID7ykZWT6kBX/BHUnoJUEpDtNLXzbek/KeI
-ymg0LgRkHoWNpLY=
------END PRIVATE KEY-----

icinga-app/icinga-c3.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICNTCCAZ4CAQQwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCREUxEDAOBgNV
-BAgMB0JhdmFyaWExEjAQBgNVBAcMCU51cmVtYmVyZzEVMBMGA1UECgwMTkVUV0FZ
-UyBHbWJIMRwwGgYDVQQDDBNJY2luZ2EgU25ha2UgT2lsIENBMB4XDTEyMDUwODA3
-MzkxOVoXDTIyMDUwNjA3MzkxOVowXjELMAkGA1UEBhMCREUxEDAOBgNVBAgMB0Jh
-dmFyaWExEjAQBgNVBAcMCU51cmVtYmVyZzEVMBMGA1UECgwMTkVUV0FZUyBHbWJI
-MRIwEAYDVQQDDAlpY2luZ2EtYzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AKFf+UkCgbNtEP0OoeF+K02L5SRlqkkkp6eaieh0IN7NNAxeELcGpZmycv4sHp30
-qv0zDtKU1HYrpm8TEBsz2AoT+J36QT9IysfcWdM9o3WZGMDUVqYBUscurkxBQJCK
-cFwXijTJ8Djn82xVgNUm/E44AdbrIwUlx23yllErx8hfAgMBAAEwDQYJKoZIhvcN
-AQEFBQADgYEAsZOKZQ2+ksPiNTCJrY+uiUZs6lFSbcJ9BHHaAt0ytQPiblufz3xl
-AR5Hza5fHt+lN9aGxM7TWMhjZHhmoctSRz8AW1KZTdbxJhRdbqmBjl95c2wBiDxs
-ERpyU9m9Rp42IjTyU4Vr/yO7DgMcG2k4KYzNquA5O8rqqtPRAp3H6n0=
------END CERTIFICATE-----

icinga-app/icinga-c3.key

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQChX/lJAoGzbRD9DqHhfitNi+UkZapJJKenmonodCDezTQMXhC3
-BqWZsnL+LB6d9Kr9Mw7SlNR2K6ZvExAbM9gKE/id+kE/SMrH3FnTPaN1mRjA1Fam
-AVLHLq5MQUCQinBcF4o0yfA45/NsVYDVJvxOOAHW6yMFJcdt8pZRK8fIXwIDAQAB
-AoGASJwWXnNySHlam4Jp9DwA3/OCNs5HwIFtrkwqoR0fbSCHusjYXIHxISbZ9uOD
-Iy9jgGno0XeF4WXijTfWl2bMXYWTS7ISMBg96bPZtG/RTdgd1LT69s82a+apbgSd
-bxB64cyn8KtuABfZ9AMR+TV28TDmnGMdhVoaM66iWKv4a4ECQQDNmk3NTZ+s/y5F
-5qOgJqH5yX1hZLLmm8e8lpghqDT43HR3cMJLN6b5oS1UdMcEw1Q6q3hjFl+MbnZa
-AzvzpT9DAkEAyO5YdpbRG1OR7sNmidowvr1NkIjV/C4UuSpGrx9XJFAZkLxEEmMu
-13QssdHjAkX5yFjkoNPC+wA6DeVjtvHatQJBAMG1qavOgKyLV9t/65XOEDm5Pqnu
-KCfhiZQDBp5fTllRy2FlGYmoi2cSFhVGWOQB7G/CchBZWfiDcnpoJanufOUCQGr7
-bKKHnoKcNmEYLOpNABMum7PPB5AjwOjt94CagT1WYKZNdzkLEg+pTXrIM8QsGdhw
-bBqtZW1bK43mivcHQtkCQF+p7LfzmPo9uzRrOfjgTDYLuh3MD8EKNs0M6l15UqbQ
-nfBBE0oIPH4j+K++7xWUQ7vbiyBc7C7H3NZeE6xqfS0=
------END RSA PRIVATE KEY-----

icinga-app/icinga-checker1.conf

@@ -0,0 +1,25 @@
+local object application "icinga" {
+	ca = "ca.crt",
+	cert = "icinga-c2.pem"
+}
+
+local object component "checker" {
+}
+
+local object component "discovery" {
+	broker = 0
+}
+
+/* trusted upstream endpoint */
+local object endpoint "icinga-c1" {
+	node = "192.168.5.46",
+	service = 7777,
+
+	roles = { "all" }
+}
+
+local object role "all" {
+	publications = { "*" },
+	subscriptions = { "*" }
+}
+

icinga-app/icinga-checker2.conf

@@ -0,0 +1,24 @@
+local object application "icinga" {
+	cert = "icinga-c3.pem",
+	ca = "ca.crt"
+}
+
+local object component "checker" {
+}
+
+local object component "discovery" {
+	broker = 0
+}
+
+/* trusted upstream endpoint */
+local object endpoint "icinga-c1" {
+	node = "192.168.5.46",
+	service = 7777,
+
+	roles = { "all" }
+}
+
+local object role "all" {
+	publications = { "*" },
+	subscriptions = { "*" }
+}

icinga-app/icinga1.conf

@@ -1,7 +1,6 @@
 local object application "icinga" {
-	privkey = "icinga-c1.key",
+	ca = "ca.crt",
-	pubkey = "icinga-c1.crt",
+	cert = "icinga-c1.pem",
-	cakey = "ca.crt",
 
 	node = "10.0.10.14",
 	service = 7777

icinga-app/icinga2.conf

@@ -1,8 +1,7 @@
 local object application "icinga" {
-	privkey = "icinga-c2.key",
+	ca = "ca.crt",
-	pubkey = "icinga-c2.crt",
+	cert = "icinga-c2.pem",
 
-	cakey = "ca.crt",
 	node = "192.168.2.235",
 	service = 7777
 }

icinga-app/icinga3.conf

@@ -1,7 +1,6 @@
 local object application "icinga" {
-	privkey = "icinga-c3.key",
+	ca = "ca.crt",
-	pubkey = "icinga-c3.crt",
+	cert = "icinga-c3.pem",
-	cakey = "ca.crt",
 
 	node = "10.0.10.14",
 	service = 9999

icinga/icingaapplication.cpp

@@ -75,20 +75,19 @@ int IcingaApplication::Main(const vector<string>& args)
 	if (!icingaConfig->IsLocal())
 		throw runtime_error("'icinga' application object must be 'local'.");
 
-	icingaConfig->GetProperty("privkey", &m_PrivateKeyFile);
+	icingaConfig->GetProperty("cert", &m_CertificateFile);
-	icingaConfig->GetProperty("pubkey", &m_PublicKeyFile);
+	icingaConfig->GetProperty("ca", &m_CAFile);
-	icingaConfig->GetProperty("cakey", &m_CAKeyFile);
 	icingaConfig->GetProperty("node", &m_Node);
 	icingaConfig->GetProperty("service", &m_Service);
 
-	if (!GetPrivateKeyFile().empty() && !GetPublicKeyFile().empty() && !GetCAKeyFile().empty()) {
+	if (!GetCertificateFile().empty() && !GetCAFile().empty()) {
 		/* set up SSL context */
-		shared_ptr<X509> cert = Utility::GetX509Certificate(GetPublicKeyFile());
+		shared_ptr<X509> cert = Utility::GetX509Certificate(GetCertificateFile());
 		string identity = Utility::GetCertificateCN(cert);
 		Application::Log(LogInformation, "icinga", "My identity: " + identity);
 		m_EndpointManager->SetIdentity(identity);
 
-		shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext(GetPublicKeyFile(), GetPrivateKeyFile(), GetCAKeyFile());
+		shared_ptr<SSL_CTX> sslContext = Utility::MakeSSLContext(GetCertificateFile(), GetCertificateFile(), GetCAFile());
 		m_EndpointManager->SetSSLContext(sslContext);
 	}
 
@@ -136,19 +135,14 @@ void IcingaApplication::DeletedComponentHandler(const ConfigObject::Ptr& object)
 	UnregisterComponent(component);
 }
 
-string IcingaApplication::GetPrivateKeyFile(void) const
+string IcingaApplication::GetCertificateFile(void) const
 {
-	return m_PrivateKeyFile;
+	return m_CertificateFile;
 }
 
-string IcingaApplication::GetPublicKeyFile(void) const
+string IcingaApplication::GetCAFile(void) const
 {
-	return m_PublicKeyFile;
+	return m_CAFile;
-}
-
-string IcingaApplication::GetCAKeyFile(void) const
-{
-	return m_CAKeyFile;
 }
 
 string IcingaApplication::GetNode(void) const

icinga/icingaapplication.h

@@ -38,18 +38,16 @@ public:
 
 	EndpointManager::Ptr GetEndpointManager(void);
 
-	string GetPrivateKeyFile(void) const;
+	string GetCertificateFile(void) const;
-	string GetPublicKeyFile(void) const;
+	string GetCAFile(void) const;
-	string GetCAKeyFile(void) const;
 	string GetNode(void) const;
 	string GetService(void) const;
 
 private:
 	EndpointManager::Ptr m_EndpointManager;
 
-	string m_PrivateKeyFile;
+	string m_CertificateFile;
-	string m_PublicKeyFile;
+	string m_CAFile;
-	string m_CAKeyFile;
 	string m_Node;
 	string m_Service;