Markus Frosch

I'd use `application/octet-stream`, it is a safe default to push a file 1:1 binary wise. Avoids complexity and should work for everyone.

I've added a bit of explanation here: https://github.com/Icinga/icinga2/issues/7719#issuecomment-935826460

Nice, it is not with monitoring for host/service listings. The second point way especially for comment listing or detail views, so maybe an extra button to reset ack there?

I'm with you on that. For icinga2 ack comment is just a field type for the Comment object, so there is just no other implementation here.

Maybe just fix it on both ends? Multiple ack comments are possible even.

Maybe that was an Icinga 1 thing, I've seen it before :)

How can we fix this?

Can we consider this for 2.14? Should be a simple feature toggle to avoid certificate issues when Icinga is not the CA.

The problematic validation happens in the renewal logic, certificate validation with root and chain happens in OpenSSL anyways. `VerifyCertificate` is only called in the renewal logic and some CLI commands.

I'm running on 4.1 since Tuesday, my system is Debian jessie with Linux 4.1 from experimental. ``` Linux emelia 4.1.0-trunk-amd64 #1 SMP Debian 4.1.2-1~exp1 (2015-07-11) x86_64 GNU/Linux ``` No freezing...