New TLSFrontend* zabbix_server.config issues

XMLWordPrintable

    • Type: Problem report
    • Resolution: Unresolved
    • Priority: Trivial
    • None
    • Affects Version/s: 7.4.1
    • Component/s: Server (S)
    • None

      Steps to reproduce:

      1. Try https://www.zabbix.com/documentation/7.4/en/manual/introduction/whatsnew#tls-encryption-between-frontend-and-server

      Result:

      1. Trailing whitespace added to zabbix_server.conf on upgrade
      2. No documentation whether TLSCAFile= applies also to TLSFrontendAccept=cert or how server validates frontend certificate in general. Not in config file and not in documentation:
        Parameter Description
        TLS CA file Specify the full path to the Certificate Authority (CA) certificate file used to verify the server’s certificate.

      Also TLSFrontendCertSubject= allows only one string causing same PKI problems in frontend HA as TLSServerCertSubject in ZBX-24939 for server HA.

            Assignee:
            Zabbix Development Team
            Reporter:
            user185953
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: