I would like to suggest a method to allow auto registration when using encryption. I'm starting this after talking about it on IRC and I'm hoping to start a discussion.
Background: I am using a encrypted connection between my server and my proxys. I would also like to use an encrypted connection between my agents and my proxy. I would like that system admins, that hold no rights to my Zabbix installation are able to run an installer and add a host to zabbix. (without requiring manual actions) (or automated agent installs would be able to auto register/use encryption)
I am using a single PSK (this could be a cert) for all agents behind the same Proxy
Agents need to connect to their proxy/server without encryption to be able to auto register. After that, one has to set the psk options in the server side and change the agents config.
Allow a PSK or certificate to be set on the proxy for agent communications. A new agent, connecting to the proxy with the PSK or certificate would be accepted and would follow the normal auto registration. (the PSK or certificate could also be specifically set at that point).
Allowing me to do it this way would mean that I can make an parameterised installer that after running it, has auto registered and is using encryption.
The only downside I see is that all agents behind the same proxy would be using the same PSK or certificate. (for me personally that is not a direct issue).
Perhaps this idea can be build upon.