Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-26883

New TLSFrontend* zabbix_server.config issues

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • 7.4.1
    • Server (S)
    • None

      Steps to reproduce:

      1. Try https://www.zabbix.com/documentation/7.4/en/manual/introduction/whatsnew#tls-encryption-between-frontend-and-server

      Result:

      1. Trailing whitespace added to zabbix_server.conf on upgrade
      2. No documentation whether TLSCAFile= applies also to TLSFrontendAccept=cert or how server validates frontend certificate in general. Not in config file and not in documentation:
        Parameter Description
        TLS CA file Specify the full path to the Certificate Authority (CA) certificate file used to verify the server’s certificate.

      Also TLSFrontendCertSubject= allows only one string causing same PKI problems in frontend HA as TLSServerCertSubject in ZBX-24939 for server HA.

            zabbix.dev Zabbix Development Team
            user185953 user185953
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: