-
Incident report
-
Resolution: Won't fix
-
Minor
-
None
-
4.0.1
-
None
-
Debian 9, Zabbix Server & Agent 4.0.1
Hello,
I tried to migrate my agents to encrypted connections. Here are commands How I generated certificates
openssl genrsa -aes256 -out zabbix_ca.key 4096
openssl req -x509 -new -key zabbix_ca.key -sha256 -days 3560 -out zabbix_ca.crt
openssl genrsa -out zabbix_server.key 2048
openssl req -new -key zabbix_server.key -out zabbix_server.csr
openssl x509 -req -in zabbix_server.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_server.crt -days 1460 -sha256
openssl genrsa -out zabbix_agent.key 2048
openssl req -new -key zabbix_agent.key -out zabbix_agent.csr
openssl x509 -req -in zabbix_agent.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_agent.crt -days 1460 -sha256
then I tried to restart zabbix agent
cannot load CA certificate(s) from file "/etc/zabbix/keys/zabbix_ca.crt": file ../crypto/bio/bss_file.c line 74: error:0200100D:system library:fopen:Permission denied: fopen('/etc/zabbix/keys/zabbix_ca.crt','r') file ../crypto/bio/bss_file.c line 83: error:2006D002:BIO routines:BIO_new_file:system lib file ../crypto/x509/by_file.c line 199: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Permissions seems be right:
-r-x------ 1 zabbix zabbix 1923 nov 20 11:43 zabbix_ca.crt
Thank you in advance.