I have a Zabbix proxy connecting to the server with certificates, and I want to use a Zabbix agent on the same machine to connect to the proxy.
Zabbix TLS Proxy config:
TLSConnect=cert
TLSAccept=cert,psk,unencrypted
TLSCAFile=/opt/certs/zabbix_ca_file
TLSServerCertIssuer=CN=domain,DC=domain,DC=com
TLSServerCertSubject=CN=server.domain.com,OU=ou,O= company,L=city,ST=state,C=country
TLSCertFile=/opt/certs/zabbix_client.crt
TLSKeyFile=/opt/certs/client_csr.key
Zabbix TLS Agent config:
TLSConnect=psk
TLSAccept=unencrypted,psk
TLSPSKIdentity=zabbixproxy1w
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
In the Agent log I see:
18416:20190902:113148.977 SSL_shutdown() with 127.0.0.1 set result code to 1: file ../ssl/ssl_lib.c line 2072: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
18416:20190902:113148.977 active check configuration update from [127.0.0.1:10051] started to fail (TLS read set result code to 1: file ../ssl/record/rec_layer_s3.c line 1528: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required: SSL alert number 116: TLS read fatal alert "unknown")
18416:20190902:113248.992 SSL_shutdown() with 127.0.0.1 set result code to 1: file ../ssl/ssl_lib.c line 2072: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
18416:20190902:113349.006 SSL_shutdown() with 127.0.0.1 set result code to 1: file ../ssl/ssl_lib.c line 2072: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
The data from the Agent is being received by the server. Any idea what these errors mean?
Zabbix TLS Proxy config:
TLSConnect=cert
TLSAccept=cert,psk,unencrypted
TLSCAFile=/opt/certs/zabbix_ca_file
TLSServerCertIssuer=CN=domain,DC=domain,DC=com
TLSServerCertSubject=CN=server.domain.com,OU=ou,O= company,L=city,ST=state,C=country
TLSCertFile=/opt/certs/zabbix_client.crt
TLSKeyFile=/opt/certs/client_csr.key
Zabbix TLS Agent config:
TLSConnect=psk
TLSAccept=unencrypted,psk
TLSPSKIdentity=zabbixproxy1w
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
In the Agent log I see:
18416:20190902:113148.977 SSL_shutdown() with 127.0.0.1 set result code to 1: file ../ssl/ssl_lib.c line 2072: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
18416:20190902:113148.977 active check configuration update from [127.0.0.1:10051] started to fail (TLS read set result code to 1: file ../ssl/record/rec_layer_s3.c line 1528: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required: SSL alert number 116: TLS read fatal alert "unknown")
18416:20190902:113248.992 SSL_shutdown() with 127.0.0.1 set result code to 1: file ../ssl/ssl_lib.c line 2072: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
18416:20190902:113349.006 SSL_shutdown() with 127.0.0.1 set result code to 1: file ../ssl/ssl_lib.c line 2072: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
The data from the Agent is being received by the server. Any idea what these errors mean?
eer did not return a certificate: TLS write fatal alert "unknown"
Comment