Problem Description
I'm experiencing repository access issues when trying to install/update Zabbix on RHEL9 and derivates systems that have the crypto-policies set to FUTURE. The error occurs when dnf/yum tries to access the official Zabbix repository:

Updating Subscription Management repositories. Zabbix Official Repository - x86_64 0.0 B/s | 0 B 00:01 Errors during downloading metadata for repository 'zabbix': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for [https://repo.zabbix.com/zabbix/6.0/r...ata/repomd.xml](https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/repodata/repomd.xml) [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'zabbix': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

 
{{}}
Root Cause
After investigating the SSL certificates, I found that:

• repo.zabbix.com uses an RSA 2048-bit certificate
• The FUTURE crypto policy requires RSA keys of 3072 bits or higher
• Other repositories work fine because they use RSA 4096-bit certificates

 
Could the Zabbix team please upgrade the SSL certificate for repo.zabbix.com to use RSA 3072-bit (or higher) keys?{}

This would resolve the compatibility issue with: RHEL and Rocky systems using FUTURE crypto policy
 

Environment Details

• OS: Red Hat Enterprise Linux 9
• Crypto Policy: FUTURE (update-crypto-policies --set FUTURE)
• Repository: https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/
• Issue: RSA 2048-bit certificate rejected by FUTURE policy (requires 3072+ bits)
   

Thanks for considering this enhancement!