ZABBIX FEATURE REQUESTS / ZBXNEXT-9806

Certificate Encryption Revamp for Agent/2


    • Change Request
    • Resolution: Unresolved
    • Trivial
    • Agent (G), Server (S)

      Request/Feature

      1. TLSConnect Changes
        1. Agent/2 should require only 3 input parameters, with an optional 4th.
      2. TLSAccept Changes
        1. Agent/2 should require 4 input parameters, with an optional 5th.

      Current Behaviour

      Zabbix Agent/2 (v. 7.2.X, 7.0.X, 6.0.X) currently expects four input parameters:

      • TLSConnect
      • TLSCAFile
      • TLSCertFile
      • TLSKeyFile

      It should only expect three in a fully active configuration, where the agent contacts the server.

      • TLSConnect
      • TLSCAFile
      • TLSCertFile

      Conversely, if zabbix-server is connecting to an agent/2 instance, it should only have 3 input requirements (CA, Cert, Connect), whilst zabbix-agent/2 should have 4 (TLSAccept, CA, Cert, Key).

      Justification

      In PKI, the [private] key is to be held by the server whose identity is being proven. Having that key is, after all, the proof that you are the authorized target server. The public key (the CA and the Cert file) is the public certificate for anyone who might want to verify the identity.

      Why Private Keys Should Not be Shared

      Other changes

      • Full support for SANs.

            vso Vladislavs Sokurenko
            MRedbourne_BR Michael Redbourne
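
A lint for the configuration described under Current Behaviour, as an added example that is not part of the original request or Zabbix's own code: it reports which of the three file parameters listed above are unset in a certificate-mode config and whether the TLSKeyFile is accessible to group or others. The file paths and sample config are constructed, and the permission check is an assumption of this example, not something the agent is stated to do.

```python
import os
import tempfile

# File parameters the page lists as currently expected in certificate mode.
CERT_PARAMS = ("TLSCAFile", "TLSCertFile", "TLSKeyFile")


def parse_conf(text):
    """Parse Parameter=value lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def uses_cert(conf):
    # TLSAccept may carry several comma-separated values; TLSConnect carries one.
    accept = [v.strip() for v in conf.get("TLSAccept", "").split(",")]
    return conf.get("TLSConnect") == "cert" or "cert" in accept


def lint(conf):
    """Return findings for a certificate-mode agent config (empty list = clean)."""
    if not uses_cert(conf):
        return []
    findings = [f"{p} is not set" for p in CERT_PARAMS if not conf.get(p)]
    key = conf.get("TLSKeyFile")
    if key and os.path.exists(key):
        mode = os.stat(key).st_mode & 0o777
        if mode & 0o077:  # any group/other permission bit on the private key
            findings.append(f"TLSKeyFile {key} is accessible to group/others ({mode:o})")
    return findings


def demo():
    # Constructed sample: an empty throwaway file stands in for the agent key.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "agent.key")
        open(key, "w").close()
        os.chmod(key, 0o644)
        text = f"TLSConnect=cert\nTLSCAFile=/constructed/ca.crt\nTLSKeyFile={key}\n"
        loose = lint(parse_conf(text))
        os.chmod(key, 0o600)
        tight = lint(parse_conf(text + "TLSCertFile=/constructed/agent.crt\n"))
    return loose, tight
```
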