HTTPS login on ZABBIX

  • jsantiago
    Member
    • May 2012
    • 39

    #1

    HTTPS login on ZABBIX


    Is there anyone here that has done HTTPS login on ZABBIX?

    Would it be OK if I ask for some details on how you did it?
    I'm currently using the default Zabbix appliance with very little customization.

    Hoping to hear from you soon. Thank you.
  • angelhc
    Senior Member
    Zabbix Certified Specialist
    • Nov 2009
    • 226

    #2
    Yes, all my Zabbix servers are on HTTPS.
    It's so easy to configure. I followed these steps:

    cd /etc/pki/tls

    --Delete all the previous certs:
    rm -f certs/dominio.tld.crt private/dominio.tld.key
    rm -f certs/dominio.tld.csr private/dominio.tld.pem

    --Build a new 2048 key
    openssl genrsa -des3 -out private/dominio.tld.key 2048
    --If you only use the command above, each time you start your http process the system asks you for the passwd
    --If you don't want to enter the passwd each time, you must generate a digital RSA sign:
    openssl rsa -in private/dominio.tld.key -out private/dominio.tld.pem
    --After that, you need to build a cert request to the RA (Registration Authority):
    openssl req -new -key private/dominio.tld.key -out certs/dominio.tld.csr
    The request asks you for some information to be generated:

    You are about to be asked to enter information that will be
    incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or
    a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:ES
    State or Province Name (full name) [Berkshire]:Madrid
    Locality Name (eg, city) [Newbury]:Bronxtoles
    Organization Name (eg, company) [My Company Ltd]:
    Organizational Unit Name (eg, section) []:SoporteServiciosIT
    Common Name (eg, your name or your server's hostname) []:*.dominio.tld
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:



    --Limit the rights of your new files:
    chmod 400 private/dominio.tld.key private/dominio.tld.pem
    chmod 400 certs/dominio.tld.csr certs/dominio.tld.crt

    --Edit your ssl.conf file:
    vim /etc/httpd/conf.d/ssl.conf
    --Change these lines to use the new file names:
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt --> SSLCertificateFile /etc/pki/tls/certs/dominio.tld.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key --> SSLCertificateKeyFile /etc/pki/tls/private/dominio.tld.pem

    --Restart the service:
    service httpd restart

    That's all!
    Number of hosts 1600,Number of items +90k,Number of triggers +22k, Number of users +100, New values per second +1270

    http://zabbixes.wordpress.com/

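A pre-restart check for the files the steps above produce, as an added example that is not part of angelhc's post: it confirms that the certificate carries the same public key as the decrypted key Apache loads, that the key file is closed to group and others, and that the CSR names the host in subjectAltName, which current browsers match on instead of the Common Name. The demo.* files and the self-signed certificate are constructed, the function names are hypothetical, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the thread. demo.* files are constructed test data.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp FILE key|csr|cert
    case "$2" in
        key)  _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1 ;;
        csr)  _pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    printf '%s\n' "$_pub" | openssl sha256 | awk '{print $NF}'
}

# Succeed only if group and others have no access to the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Succeed only if the CSR lists NAME as an exact DNS subjectAltName entry.
csr_has_san() {  # usage: csr_has_san CSR NAME
    openssl req -in "$1" -noout -text 2>/dev/null | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -F -x -q "DNS:$2"
}

# Gate to run before restarting httpd: private key file, matching certificate.
tls_pair_ok() {  # usage: tls_pair_ok KEY CERT
    key_is_private "$1" || { echo "key readable by group/other: $1" >&2; return 1; }
    _k=$(pubkey_fp "$1" key)  || { echo "cannot read key: $1" >&2; return 1; }
    _c=$(pubkey_fp "$2" cert) || { echo "cannot read certificate: $2" >&2; return 1; }
    [ "$_k" = "$_c" ] || { echo "certificate does not match key" >&2; return 1; }
}

# Constructed material: unencrypted key, CSR with a SAN, and a self-signed
# certificate standing in for the one the CA returns.
make_demo() {  # usage: make_demo DIR NAME
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -keyout "$1/demo.pem" \
          -out "$1/demo.csr" -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          2>/dev/null &&
      openssl x509 -req -in "$1/demo.csr" -signkey "$1/demo.pem" \
          -out "$1/demo.crt" -days 1 2>/dev/null )
}

demo_dir=$(mktemp -d) && make_demo "$demo_dir" '*.dominio.tld' &&
    tls_pair_ok "$demo_dir/demo.pem" "$demo_dir/demo.crt" &&
    csr_has_san "$demo_dir/demo.csr" '*.dominio.tld' && echo "demo pair OK"
rm -rf "$demo_dir"
```

Against the thread's own files the call would be `tls_pair_ok private/dominio.tld.pem certs/dominio.tld.crt`, run from /etc/pki/tls once the signed certificate is in place.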

    • jsantiago
      Member
      • May 2012
      • 39

      #3
      Thank you for the quick response angelhc.

      Will try this out, hopefully I'll be able to replicate your success in doing so.

      Thank you.


      • jsantiago
        Member
        • May 2012
        • 39

        #4
        hi angelhc,

        I came across some bumps while following your instructions.
        Ultimately I was able to create the 2 files, .crt and .key, and followed your instructions, but wasn't successful.

        I did, however, edit ssl-global.conf instead of the ssl.conf that you described. Are the files the same?

        I also did some research and came across editing the virtual host:
        Introduction Setting up several VirtualHost’s on an Apache2 server is easy. Setting up several VirtualHost’s on an Apache 2 server, some of them using SSL (HTTPS) is considerably less e…


        Did you not change the host file on your configuration?

        Thank you.

        Regards,
        Jemel


        • jsantiago
          Member
          • May 2012
          • 39

          #5
          For those planning to implement the same thing...

          Follow angelhc's comment on:

          --Build a new 2048 key
          openssl genrsa -des3 -out private/dominio.tld.key 2048
          --If you only use the command above, each time you start your http process the system asks you for the passwd
          --If you don't want to enter the passwd each time, you must generate a digital RSA sign:
          openssl rsa -in private/dominio.tld.key -out private/dominio.tld.pem
          --After that, you need to build a cert request to the RA (Registration Authority):
          openssl req -new -key private/dominio.tld.key -out certs/dominio.tld.csr
          The request asks you for some information to be generated:

          You are about to be asked to enter information that will be
          incorporated into your certificate request.
          What you are about to enter is what is called a Distinguished Name or
          a DN.
          There are quite a few fields but you can leave some blank
          For some fields there will be a default value,
          If you enter '.', the field will be left blank.
          -----
          Country Name (2 letter code) [GB]:ES
          State or Province Name (full name) [Berkshire]:Madrid
          Locality Name (eg, city) [Newbury]:Bronxtoles
          Organization Name (eg, company) [My Company Ltd]:
          Organizational Unit Name (eg, section) []:SoporteServiciosIT
          Common Name (eg, your name or your server's hostname) []:*.dominio.tld
          Email Address []:[email protected]

          Please enter the following 'extra' attributes
          to be sent with your certificate request
          A challenge password []:
          An optional company name []:

          Then...

          1. Create an ssl-vhost file from vhost.d/vhost-ssl.template
          A. Add the certificate and certificate key files - the files you've created above.

          2. Edit the main httpd.conf located at /etc/apache2 to include the file you've created above (ssl-vhost.conf).

          3. Edit /etc/sysconfig/apache2 to include "ZABBIX SSL"

          Hope this helps someone.

          Thank you angelhc.
