Hello,

I tried to migrate my agents to encrypted connections. Here are commands How I generated certificates

openssl genrsa -aes256 -out zabbix_ca.key 4096
openssl req -x509 -new -key zabbix_ca.key -sha256 -days 3560 -out zabbix_ca.crt
openssl genrsa -out zabbix_server.key 2048
openssl req -new -key zabbix_server.key -out zabbix_server.csr
openssl x509 -req -in zabbix_server.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_server.crt -days 1460 -sha256
openssl genrsa -out zabbix_agent.key 2048
openssl req -new -key zabbix_agent.key -out zabbix_agent.csr
openssl x509 -req -in zabbix_agent.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_agent.crt -days 1460 -sha256

then I tried to restart zabbix agent

cannot load CA certificate(s) from file "/etc/zabbix/keys/zabbix_ca.crt": file ../crypto/bio/bss_file.c line 74: error:0200100D:system library:fopen:Permission denied: fopen('/etc/zabbix/keys/zabbix_ca.crt','r') file ../crypto/bio/bss_file.c line 83: error:2006D002:BIO routines:BIO_new_file:system lib file ../crypto/x509/by_file.c line 199: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

 Permissions seems be right:

-r-x------ 1 zabbix zabbix 1923 nov 20 11:43 zabbix_ca.crt

Thank you in advance.