Merge pull request #147 from Icinga/fix/ssl_error_on_name_change

Fix: SSL creation on reconfigure might fail if naming changed from upper/lower case

Fixes an issue while changing the hostname between upper/lower case which might cause unwanted exceptions on one hand but also required manual signing of requests on the CA master as the signing process was not completed

Author: LordHepipud

doc/31-Changelog.md

@@ -26,6 +26,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#127](https://github.com/Icinga/icinga-powershell-framework/issues/127) Fixes wrong error message on failed MSSQL connection due to database not reachable by using `-IntegratedSecurity`
 * [#128](https://github.com/Icinga/icinga-powershell-framework/issues/128) Fixes unhandled output from loading `System.Reflection.Assembly` which can cause weird side effects for plugin outputs
 * [#130](https://github.com/Icinga/icinga-powershell-framework/issues/130) Fix crash while running services as background task to collect metrics over time by missing Performance Counter cache initialisation
+* [#133](https://github.com/Icinga/icinga-powershell-framework/issues/133), [#147](https://github.com/Icinga/icinga-powershell-framework/pull/147) Fixes an issue while changing the hostname between upper/lower case which might cause unwanted exceptions on one hand but also required manual signing of requests on the CA master as the signing process was not completed
 * [#138](https://github.com/Icinga/icinga-powershell-framework/issues/138) Fixes possible value overflow on `Convert-Bytes` while converting from anything larger than MB to Bytes
 * [#140](https://github.com/Icinga/icinga-powershell-framework/issues/140) Fixes version fetching for not loaded modules during upgrades/plugin calls with `Get-IcingaPowerShellModuleVersion`
 * [#143](https://github.com/Icinga/icinga-powershell-framework/issues/143) Fixes the annoying hint from the analyzer to check space before open brace

lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1

@@ -82,6 +82,9 @@ function Install-IcingaAgentCertificates()
             Write-IcingaConsoleError 'Failed to generate host certificate';
             return $FALSE;
         }
+
+        # Once we generated new host certificates, we always require to sign them if possible
+        $Force = $TRUE;
     }
 
     if ([string]::IsNullOrEmpty($Endpoint) -And [string]::IsNullOrEmpty($CACert)) {
@@ -226,8 +229,9 @@ function Test-IcingaAgentCertificates()
         return $FALSE;
     }
 
-    [string]$hostCRT = [string]::Format('{0}.crt', $Hostname);
-    [string]$hostKEY = [string]::Format('{0}.key', $Hostname);
+    [string]$hostCRT       = [string]::Format('{0}.crt', $Hostname);
+    [string]$hostKEY       = [string]::Format('{0}.key', $Hostname);
+    [bool]$CertNameInvalid = $FALSE;
 
     $certificates = Get-ChildItem -Path $CertDirectory;
     # Now loop each file and match their name with our hostname
@@ -236,11 +240,18 @@ function Test-IcingaAgentCertificates()
             $file = $cert.Name.Replace('.key', '').Replace('.crt', '');
             if (-Not ($file -clike $Hostname)) {
                 Write-IcingaConsoleWarning ([string]::Format('Certificate file {0} is not matching the hostname {1}. Certificate generation is required.', $cert.Name, $Hostname));
-                return $FALSE;
+                $CertNameInvalid = $TRUE;
+                break;
             }
         }
     }
 
+    if ($CertNameInvalid) {
+        Remove-Item -Path (Join-Path -Path $CertDirectory -ChildPath $hostCRT) -Force;
+        Remove-Item -Path (Join-Path -Path $CertDirectory -ChildPath $hostKEY) -Force;
+        return $FALSE;
+    }
+
     Write-IcingaConsoleNotice 'Icinga host certificates are present and valid. No generation required';
 
     return $TRUE;