Ad Widget

Collapse

Windows agent and encryption. Service wont restart.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Windows agent and encryption. Service wont restart.

    I want to enable psk encryption for the agent on my windows servers but I'm hitting a road block.

    The agent without encryption settings communicates like it should, but when I edit the zabbix_agentd.win.conf to enable the psk settings like below the service will not restart.
    I'm using 4.0.5 agents and I've tried both the SSL and plain downloads. I have a key.psk file with just the key string in it.

    Am I missing something obvious?

    Also, what are people using on windows to generate a PSK? I'm just trying to use the example value from the manual pages. (I'm new to encryption in general)

    ####### TLS-RELATED PARAMETERS #######

    ### Option: TLSConnect
    # How the agent should connect to server or proxy. Used for active checks.
    # Only one value can be specified:
    # unencrypted - connect without encryption
    # psk - connect using TLS and a pre-shared key
    # cert - connect using TLS and a certificate
    #
    # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
    # Default:
    TLSConnect=psk

    ### Option: TLSAccept
    # What incoming connections to accept.
    # Multiple values can be specified, separated by comma:
    # unencrypted - accept connections without encryption
    # psk - accept connections secured with TLS and a pre-shared key
    # cert - accept connections secured with TLS and a certificate
    #
    # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
    # Default:
    TLSAccept=psk

    ### Option: TLSCAFile
    # Full pathname of a file containing the top-level CA(s) certificates for
    # peer certificate verification.
    #
    # Mandatory: no
    # Default:
    # TLSCAFile=

    ### Option: TLSCRLFile
    # Full pathname of a file containing revoked certificates.
    #
    # Mandatory: no
    # Default:
    # TLSCRLFile=

    ### Option: TLSServerCertIssuer
    # Allowed server certificate issuer.
    #
    # Mandatory: no
    # Default:
    # TLSServerCertIssuer=

    ### Option: TLSServerCertSubject
    # Allowed server certificate subject.
    #
    # Mandatory: no
    # Default:
    # TLSServerCertSubject=

    ### Option: TLSCertFile
    # Full pathname of a file containing the agent certificate or certificate chain.
    #
    # Mandatory: no
    # Default:
    # TLSCertFile=

    ### Option: TLSKeyFile
    # Full pathname of a file containing the agent private key.
    #
    # Mandatory: no
    # Default:
    # TLSKeyFile=

    ### Option: TLSPSKIdentity
    # Unique, case sensitive string used to identify the pre-shared key.
    #
    # Mandatory: no
    # Default:
    TLSPSKIdentity=PSK 001

    ### Option: TLSPSKFile
    # Full pathname of a file containing the pre-shared key.
    #
    # Mandatory: no
    # Default:
    TLSPSKFile=C:\zabbixagent\key.psk

    #2
    Try running it on the command prompt.
    I think you can check the cause of the failure in the error message.

    ex.
    zabbix_agentd.exe -c C:\zabbix\zabbix_agentd.conf

    Comment

    Announcement

    Collapse
    No announcement yet.
    Working...
    X