Ad Widget

Collapse

website certificate by zabbix agent 2 "failed to verify certicate"

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Sieniu
    Junior Member
    • Jul 2024
    • 2
    #1

    website certificate by zabbix agent 2 "failed to verify certicate"

    HI,
    I have same wildcare certificate (*.domain.com) on two urls: https://example1.domain.com and https://example2.domain.com
    I use "website certificate by zabbix agent 2" to check validate certificate. When I check example1.domain.com by agent 2 installed on centos 8.10 it returns result that certificate is invalid and "failed to verify certificate: x509: certificate signed by unknown authority""
    when I check second url example2.domain.com by agent 2 installed on centos 8.5 it returns correct result "valid".


    Where could be the problem?

    I used zabbix 6.4.15
    Tags: None
    • Answer selected by Sieniu at 15-07-2024, 11:10.
      Markku
      Senior Member
      Zabbix Certified SpecialistZabbix Certified ProfessionalZabbix Certified Expert
      • Sep 2018
      • 1781
      Are the websites configured correctly to return both the site certificate and the intermediate certificate(s) (= the chain)? If the website does not provide the intermediate certificate (that is usually used in the trust chain) then the TLS client cannot verify the certificate.

      You can use command like

      echo | openssl s_client -connect example1.domain.com:443

      to test the connection.

      Markku
        • Selected Answer

        Comment

        • Markku
          Senior Member
          Zabbix Certified SpecialistZabbix Certified ProfessionalZabbix Certified Expert
          • Sep 2018
          • 1781
          #2
          Are the websites configured correctly to return both the site certificate and the intermediate certificate(s) (= the chain)? If the website does not provide the intermediate certificate (that is usually used in the trust chain) then the TLS client cannot verify the certificate.

          You can use command like

          echo | openssl s_client -connect example1.domain.com:443

          to test the connection.

          Markku
            • Selected Answer

            Comment

            • Sieniu
              Junior Member
              • Jul 2024
              • 2
              #3
              Markku Thank you very much, exactly problem was that one server doesn't have chain
                👍 1

                Comment

                Previous template Next
                Working...