|
Error message: "Cannot perform request: could not load PEM client certificate, OpenSSL error error:80000002:system library::No such file or directory, (no key found, wrong pass phrase, or wrong file format?)"
|
|
azyla HTTP Agent checks that require a client cert are not working in 7.0.0. If this is trivial, please provide the workaround. Thanks
|
|
The same issue also occurs when running the HTTP check from the proxy, using the zabbix-proxy-sqlite3:7.0.0-ol container image.
When running the HTTP metrics reader from the web GUI as a test, it completes without an error and returns the correct content. when the proxy runs the reader on schedule, it fails however.
As a workaround, I can replace the HTTP check by external check running curl:
curl --cacert /var/lib/zabbix/ssl/ssl_ca/etcd-ca.pem --cert /var/lib/zabbix/ssl/certs/etcd.crt --key /var/lib/zabbix/ssl/keys/etcd.key https://x.x.x.x/health
|
|
With 7.0.1, the error message I see is `could not load PEM client certificate from (null)/client.crt`. It looks like maybe the `SSLCertLocation` is not properly prefixed?
|
|
Are you planning to fix that? I don't understand why this is not fixed when we have zabbix 7.0.2 out
|
|
I'm using the following community template to monitor Docker Swarm, and I have the same issue:
https://github.com/zabbix/community-templates/tree/main/Virtualization/Docker/template_docker_swarm_monitoring/6.0
Error: Cannot perform request: could not load PEM client certificate from (null)/docker.crt, OpenSSL error error:80000002:system library::No such file or directory, (no key found, wrong pass phrase, or wrong file format?)
I have tried to explicit configure the SSL file location in the zabbix_server.conf file without success.
|
|
Hi azyla,
any update on this, please?
We are having the same issue in Zabbix 7.0.3
Thanks.
|
|
azyla Any updates on this? Again, please specify how this is trivial. Might as well remove any mention of "SSL" on the HTTP agent docs until this is fixed. This documented feature isn't working at all since 7.0.
|
|
Hi
I update in 7.0.4 and it seems it is ok ? I only have 1 check using pem, but my data come back ....
|
|
I am also at version 7.0.4 and it still doesn't work for me.
|
|
Indeed. Originally, my problem was with a Zabbix-proxy 7.0.3. I recompiled a 7.0.3 myself, patching it in a VERY ugly way to make it work, and I had only replaced the binary.
During an upgrade, everything was updated to 7.0.4, and my binary was indeed replaced, as I saw the version change in my items/triggers that check the proxy.
BUT during a reboot, the error “returned”, so I put back my 7.0.3 binary.
I don’t understand how I could have had a working 7.0.4 for a while…
In any case, the error must come from a refactoring of the variables that took place. My “ugly” patch “for the proxy” just reinjects the default value if it’s null “just” at the place where it’s used, but the overall code level is beyond me to detect where the problem comes from upstream…
|
|
sasha Can you perhaps weigh-in on this? If this is "trivial", what is the workaround to get it working in any way?
|
|
Thank you for pointing out this ticket. Our development team will check this issue.
|
|
Cannot reproduce with 7.0.1 and current release/7.0.
Do you have in zabbix_server.conf file parameters SSLCertLocation and SSLKeyLocation set, for example:
Is certificate in PEM format? You can check it like
|
|
Yes, I have those set. Also, note that the item will appear to work via the web interface "execute now", but fails when the item actually executes via its set interval.
|
|
Thanks, JacobR!
Also, note that the item will appear to work via the web interface "execute now", but fails when the item actually executes via its set interval.
was helpful to reproduce.
|
|
Available in versions:
|
Generated at Tue Apr 29 08:32:20 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.
image-2024-06-20-14-12-14-485.png
Team C
