-
Incident report
-
Resolution: Won't fix
-
Minor
-
None
-
3.4.9
-
None
-
Linux Centos 7
Steps to reproduce:
- Get a free Let's Encrypt certificate
- Configure zabbix_agentd.conf with the private key file, cert file and top level CA cert
- Run Zabbix Agent
Result:
28488:20180522:233110.362 TLS support: YES
28488:20180522:233110.362 **************************
28488:20180522:233110.362 using configuration file: /etc/zabbix/zabbix_agentd.conf
28488:20180522:233110.362 agent #0 started [main process]
28490:20180522:233110.363 agent #2 started listener #1
28489:20180522:233110.366 agent #1 started [collector]
28492:20180522:233110.366 agent #4 started listener #3
28491:20180522:233110.366 agent #3 started listener #2
28493:20180522:233110.368 agent #5 started active checks #1
28493:20180522:233110.373 active check configuration update from [35.165.3.134:10051] started to fail (TCP successful, cannot establish TLS to [[35.165.3.134]:10051]: self signed certificate in certificate chain: SSL_connect() set result code to SSL_ERROR_SSL: file s3_clnt.c line 1264: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed: TLS write fatal alert "unknown CA")
28491:20180522:233132.916 failed to accept an incoming connection: from 35.165.3.134: TLS connection has been closed during handshake: file s3_pkt.c line 1493: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48: TLS read fatal alert "unknown CA"
Expected:
Zabbix Agent should not return this error.
Attachments:
Results of running openssl checks for the certificates