Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22080

HTTP agent checks interprets certs permission issue as a key mismatch

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 6.0.12, 6.2.6, 6.4.0beta4
    • Proxy (P), Server (S)
    • None
    • RHEL 8.7
      LTS 6.0.12

      Steps to reproduce:

      1. Try to use HTTP agent with certificates for some endpoint:
      2. Remove permission from do read from zabbix user/group key file.

      Result:

      Cannot perform request: unable to set private key file: '/etc/zabbix/certs/some-key.pem' type PEM

      This error means that cert/key pair doesn't match each other.

      But check with:

      openssl x509 -noout -modulus -in some.pem | openssl md5
(stdin)= cb34074b9c231ffbeb49dcd7f323bc5a

openssl rsa -noout -modulus -in some-key.pem | openssl md5
(stdin)= cb34074b9c231ffbeb49dcd7f323bc5a

      Add permissions, remove permissions from cert file:

      Cannot perform request: could not load PEM client certificate, OpenSSL error error:0200100D:system library:fopen:Permission denied, (no key found, wrong pass phrase, or wrong file format?)

      Problem: do not use 'permission deny error' result as a key which doesn't much certificate file.

      Expected:
      Permission deny error. Not key and certificate mismatch.

        1. Screenshot 2022-12-14 at 10.57.08.png
          36 kB
          Edgar Akhmetshin

            zabbix.dev Zabbix Development Team
            edgar.akhmetshin Edgar Akhmetshin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: