Hello,

I have got problems to configure my MySQL server SSL connection on the Frontend (zabbix_server works fine). The error message is not very useful, but doing tests with a PHP script I was able to fix the problem.

The problem is related with the peer CN, because I am using CloudSQL and it creates a server certificate which matches the used name when connecting with the SQL Proxy, but it fails with direct connections using the IP address.

On the zabbix_server daemon exists an option to disable this verification and then it has worked fine from the begin. On the frontend that option doesn't exist and then the connection fails.

Will be possible to add this option in the PHP Frontend?.

I have fixed the problem just changing the line:

$tls_mode = MYSQLI_CLIENT_SSL;

to:

$tls_mode = MYSQLI_CLIENT_SSL|MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;

in the include/classes/db/MysqlDbBackend.php file.

Best regards.