Hi,

I'm currently encountering an issue enabling TLS certificate encryption for active zabbix agent.

When I enable TLS certificate encryption, following error appears: certificate issuer does not match for host "name_of_my_host"

My certificate has been generated from the issuer certificate declared in my host encryption configuration on Zabbix Server web interface.

Here the way I've built my "certification authority"

root CA key: openssl genrsa -aes256 -out zabbix_ca.key 4096
root ca cert: openssl req -x509 -new -key zabbix_ca.key -sha256 -days 3560 -out zabbix_ca.crt

certificate agent:

openssl genrsa -out zabbix_agent.key 4096
openssl req -new -key zabbix_agent.key -out zabbix_agent.csr
openssl x509 -req -in zabbix_agent.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_agent.crt -days 3650 -sha256

The CN of the certificate is the FQDN of my server which match with the host name declared on Zabbix.

My zabbix server is a v3.4.9 and my agent a v3.0.21

I really don't understand why it isn't accepted.

Thanks for your help.

Seb.