BeteiligungsDB.corp.diehl.com_2025_2.crt
[ZBX-25938] Cert: SSL certificate is invalid Created: 2025 Jan 27 Updated: 2025 Feb 18 Resolved: 2025 Feb 18 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Agent2 plugin (G), Templates (T) |
| Affects Version/s: | 7.0.8 |
| Fix Version/s: | None |
| Type: | Incident report | Priority: | Trivial |
| Reporter: | Mario Distler | Assignee: | Piotr Zakrzewski |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Client: VM RHEL 9.5, zabbix_agent2 (Zabbix) 7.0.8 Revision f6fc7395b73 6 January 2025 |
||
| Attachments: |
BeteiligungsDB.corp.diehl.com_2025_2.crt
|
| Description |
|
After changing an expired SSL-Cert on a zabbix agent2 monitored Client with template "Website certificate by Zabbix agent 2", we get a "Problem" with the newly added cert.
Steps to reproduce:
Result: |
| Comments |
| Comment by Piotr Zakrzewski [ 2025 Jan 29 ] |
|
Hello Mario, Thank you for reporting the issue. To proceed, we’d like to confirm a few points: 1.Can you verify if the Root CA and Intermediate CAs are properly configured and trusted on the monitored client, Zabbix Proxy, and Server? 2.Could you share a screenshot or log snippet showing the error x509: unhandled critical extension? 3.Is the monitored domain correctly matching the certificate’s CN or SAN?
Once we have these details, we’ll provide further recommendations. Let us know if you need any clarification!
BR |
| Comment by Mario Distler [ 2025 Feb 10 ] |
|
Hi! Problem is solved, we discovered a slightly missconfigured cert chain, that contained wrong named constraints. We can close this "issue" now. |