we are working with agent-server communication encryption
- two-way encryption works fine ?
- we would like to have one-way encryption (asymmetric) so when client initiate communication with server (while keeping it unencrypted the other way around).
The problem we have with one way encryption is that, even if only TLSConnect is equal to "cert", so encryption should be used only for agent outbound connections, the agent will not start without an agent certificate as well/key.
I.e. agent configuration file:
The agent on Windows will not start.
The same happens with the Linux agent ? but providing a clearer error:
Starting Zabbix agent: zabbix_agentd : ERROR: parameter "TLSConnect" value requires "TLSCertFile", but it is not defined
Is this expected, i.e. by design Zabbix is using not only encryption but also client authentication over TLS (so the server will ask the client, in this case the agent to provide its certificate to authenticate it? Otherwise, if this is not the intended design, can it be classified as an issue/bug?
Thanks in advance for your help