I have two Zabbix servers.
Server "A" is my primary zabbix server in my datacenter.
Server "B" is my backup zabbix server in my DR datacenter.
The "zabbix server" service on Server "A" is always running, however the "zabbix server" service on Server "B" never runs unless it is manually started up. Each server has their own unique SSL certificate / key.
I would like to further lock down my agents so that they only allow connections from server A and also from server B using the .conf file directives "TLSServerCertIssuer" and also "TLSServerCertSubject"
Is it possible to allow EITHER server A or server B certs?
It doesnt appear that its possible, but you never know.
Here is a snip from a sample conf file that I found on the internet. It would be nice if we could point it to a file instead of using the path.
TLSServerCertIssuer=CN=Signing CA,OU=Development group,O=Zabbix SIA,DC=zabbix,DC=com
TLSServerCertSubject=CN=Zabbix server,OU=Development group,O=Zabbix SIA,DC=zabbix,DC=com
Server "A" is my primary zabbix server in my datacenter.
Server "B" is my backup zabbix server in my DR datacenter.
The "zabbix server" service on Server "A" is always running, however the "zabbix server" service on Server "B" never runs unless it is manually started up. Each server has their own unique SSL certificate / key.
I would like to further lock down my agents so that they only allow connections from server A and also from server B using the .conf file directives "TLSServerCertIssuer" and also "TLSServerCertSubject"
Is it possible to allow EITHER server A or server B certs?
It doesnt appear that its possible, but you never know.
Here is a snip from a sample conf file that I found on the internet. It would be nice if we could point it to a file instead of using the path.
TLSServerCertIssuer=CN=Signing CA,OU=Development group,O=Zabbix SIA,DC=zabbix,DC=com
TLSServerCertSubject=CN=Zabbix server,OU=Development group,O=Zabbix SIA,DC=zabbix,DC=com
Comment