Details

    • Type: Incident report
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't fix
    • Affects Version/s: 4.0.1
    • Fix Version/s: None
    • Component/s: Agent (G)
    • Labels:
      None
    • Environment:
      Debian 9, Zabbix Server & Agent 4.0.1

      Description

       

      Hello,

      I tried to migrate my agents to encrypted connections. Here are commands How I generated certificates

      openssl genrsa -aes256 -out zabbix_ca.key 4096
      openssl req -x509 -new -key zabbix_ca.key -sha256 -days 3560 -out zabbix_ca.crt
      openssl genrsa -out zabbix_server.key 2048
      openssl req -new -key zabbix_server.key -out zabbix_server.csr
      openssl x509 -req -in zabbix_server.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_server.crt -days 1460 -sha256
      openssl genrsa -out zabbix_agent.key 2048
      openssl req -new -key zabbix_agent.key -out zabbix_agent.csr
      openssl x509 -req -in zabbix_agent.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_agent.crt -days 1460 -sha256

      then I tried to restart zabbix agent

      cannot load CA certificate(s) from file "/etc/zabbix/keys/zabbix_ca.crt": file ../crypto/bio/bss_file.c line 74: error:0200100D:system library:fopen:Permission denied: fopen('/etc/zabbix/keys/zabbix_ca.crt','r') file ../crypto/bio/bss_file.c line 83: error:2006D002:BIO routines:BIO_new_file:system lib file ../crypto/x509/by_file.c line 199: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

       Permissions seems be right:

      -r-x------ 1 zabbix zabbix 1923 nov 20 11:43 zabbix_ca.crt

      Thank you in advance.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              asdfg32 asdfg
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: