Management Console: SSL/TSL-errors when selecting "[3] Overview"

[tectumopticum]

Expected Behavior

After starting the "Icinga for Windows Management Console" with the command "icinga" in an Admin-PS, you should get detailed information about the local IfW-environment when selecting "[3] Overwiew" from the menu.
Excerpt:
[...]

Installed components on this system:

Component    Version   Available
---          ---       ---
agent        2.13.6    2.13.7
framework    1.10.1    1.10.1
plugins      1.10.1    1.10.1
restapi      1.2.0     1.2.0
service      1.2.0     1.2.0

[...]

Current Behavior

On some servers where special restrictions regarding ssl/tls-settings were applied (I must admit that I'm not informed about the reason for this), you'll get certain error-messages while the info is collected in the background and when it is finally displayed:

Installed components on this system:

Component    Version   Available
---          ---       ---
agent        2.13.6
framework    1.10.1
plugins      1.10.1
restapi      1.2.0
service      1.2.0

Available versions flagged with "*" mean that this component is locked to this version

[x] Exit [c] Continue [h] Help [l] Commands [m] Main [p] Previous

[Error]: Failed to establish secure SSL/TLS connection to https://fqdn/ifw.repo.json. Please ensure the certificate is valid and trusted and use "Set-IcingaTLSVersion" on older Windows machines. If you are using self-signed certificates, install them locally or use "Enable-IcingaUntrustedCertitifacateValidation". Error Message: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
[Error]: Failed to establish secure SSL/TLS connection to "https://fqdn/ifw.repo.json/ifw.repo.json". Please ensure the certificate is valid and trusted and use "Set-IcingaTLSVersion" on older Windows machines. If you  are using self-signed certificates, install them locally or use "Enable-IcingaUntrustedCertitifacateValidation". Error Message: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
[Error]: Unable to resolve repository URL https://fqdn/ifw.repo.json for repository "Icinga Stable CLAAS": You cannot call a method on a null-valued expression.

Input (Default c) (1/1):

Possible Solution

Probably a method exists to find out if the local settings will lead to this behaviour or the suggested commands (Set-IcingaTLSVersion; Enable-IcingaUntrustedCertitifacateValidation) should be executed before the data is collected / webcalls are executed.

Steps to Reproduce (for bugs)

1. open a powershell as admin
2. type "icinga" + return
3. select "Overview" ([3])
4. wait for the errors ;-)

Context

The error is not harmful but a little bit annoying.

Your Environment

agent 2.13.6
framework 1.10.1
plugins 1.10.1
restapi 1.2.0
service 1.2.0

• PowerShell Version used ($PSVersionTable.PSVersion):

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      14393  5582

• Operating System and version (Get-IcingaWindowsInformation Win32_OperatingSystem | Select-Object Version, BuildNumber, Caption):

Version    BuildNumber Caption
-------    ----------- -------
10.0.14393 14393       Microsoft Windows Server 2016 Datacenter

[LordHepipud]

Thank you for the report. I would rather not by default fallback to ignore SSL errors, for security reasons.

I could however implement something like this:

Management Console:

icinga -NoSSLValidation

Icinga Shell:

icinga -Shell -NoSSLValidation

This would start the IMC and Icinga Shell with the flag to not verify SSL certificates, which allows the user to control this behavior.