[ZBX-15191] Cert Encryption is not working Created: 2018 Nov 20 Updated: 2018 Nov 22 Resolved: 2018 Nov 20 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Agent (G) |
Affects Version/s: | 4.0.1 |
Fix Version/s: | None |
Type: | Incident report | Priority: | Minor |
Reporter: | asdfg | Assignee: | Unassigned |
Resolution: | Won't fix | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Debian 9, Zabbix Server & Agent 4.0.1 |
Description |
Hello, I tried to migrate my agents to encrypted connections. Here are commands How I generated certificates openssl genrsa -aes256 -out zabbix_ca.key 4096 then I tried to restart zabbix agent cannot load CA certificate(s) from file "/etc/zabbix/keys/zabbix_ca.crt": file ../crypto/bio/bss_file.c line 74: error:0200100D:system library:fopen:Permission denied: fopen('/etc/zabbix/keys/zabbix_ca.crt','r') file ../crypto/bio/bss_file.c line 83: error:2006D002:BIO routines:BIO_new_file:system lib file ../crypto/x509/by_file.c line 199: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib Permissions seems be right: -r-x------ 1 zabbix zabbix 1923 nov 20 11:43 zabbix_ca.crt Thank you in advance. |
Comments |
Comment by asdfg [ 2018 Nov 20 ] |
openssl genrsa -aes256 -out zabbix_ca.key 4096 |
Comment by Andris Mednis [ 2018 Nov 20 ] |
is not quite right. Certificate file does not need to be executable.
would be sufficient. |
Comment by asdfg [ 2018 Nov 20 ] |
Same...
/etc/zabbix/keys# ls -la |
Comment by Andris Mednis [ 2018 Nov 20 ] |
You can try chmod u+x /etc/zabbix/keys |
Comment by asdfg [ 2018 Nov 20 ] |
Working, thank you. |