Zabbix Documentation 3.0

2.23.04.0 (current)In development:4.2 (devel)Unsupported:1.82.02.43.23.4

User Tools

Site Tools


manual:encryption:troubleshooting:certificate_problems

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:encryption:troubleshooting:certificate_problems [2018/08/09 08:07]
martins-v autonumbering removal
manual:encryption:troubleshooting:certificate_problems [2018/11/08 05:53] (current)
martins-v minor grammar fix
Line 51: Line 51:
   cannot connect to proxy "​proxy-openssl-1.0.1e":​ TCP successful, cannot establish TLS to [[127.0.0.1]:​20004]:​\   cannot connect to proxy "​proxy-openssl-1.0.1e":​ TCP successful, cannot establish TLS to [[127.0.0.1]:​20004]:​\
         invalid peer certificate:​ revoked, CRL expired         invalid peer certificate:​ revoked, CRL expired
 +        ​
 +=== Self-signed certificate,​ unknown CA ===
 +
 +__//​OpenSSL//​__,​ in log:
 +
 +  error:'​self signed certificate:​ SSL_connect() set result code to SSL_ERROR_SSL:​ file ../​ssl/​statem/​statem_clnt.c\
 +        line 1924: error:​1416F086:​SSL routines:​tls_process_server_certificate:​certificate verify failed:\
 +        TLS write fatal alert "​unknown CA"'​
 +
 +This was observed when server certificate by mistake had the same Issuer and Subject string, although it was signed by CA. Issuer and Subject are equal in top-level CA certificate,​ but they cannot be equal in server certificate. (The same applies to proxy and agent certificates.)