Zabbix GUI: Cannot connect to MariaDB Database using .PEM certificates

  • PKWillzinho
    Junior Member
    • Sep 2021
    • 1

    #1

    Hi Guys,

    I'm having trouble setting up a TLS connection from Zabbix Frontend to a MariaDB database using X509 certificates.
    Here's the environment I set up:

    MariaDB Database Config:
    ssl_ca=/etc/mysql/certs/CA-CERT.pem
    ssl_cert=/etc/mysql/certs/DB-CERT.pem
    ssl_key=/etc/mysql/certs/DB-KEY.pem
    require_secure_transport=ON
    bind-address = 0.0.0.0
    port=3306

    MariaDB User Config:
    CREATE USER "zabbix"@"%" IDENTIFIED BY "zabbix" REQUIRE X509;
    GRANT ALL PRIVILEGES ON zabbix.* TO "zabbix"@"%";

    Zabbix GUI Configuration File:
    $DB['TYPE'] = 'MYSQL';
    $DB['SERVER'] = '172.16.20.131';
    $DB['PORT'] = '3306';
    $DB['DATABASE'] = 'zabbix';
    $DB['USER'] = 'zabbix';
    $DB['PASSWORD'] = 'zabbix';
    // Schema name. Used for PostgreSQL.
    $DB['SCHEMA'] = '';
    // Used for TLS connection.
    $DB['ENCRYPTION'] = true;
    $DB['KEY_FILE'] = '/etc/zabbix/certs/ZBX-KEY.pem';
    $DB['CERT_FILE'] = '/etc/zabbix/certs/ZBX-CERT.pem';
    $DB['CA_FILE'] = '/etc/zabbix/certs/CA-CERT.pem';
    $DB['VERIFY_HOST'] = false;
    $DB['CIPHER_LIST'] = '';

    Zabbix Server Config:
    DBTLSConnect=required
    DBTLSCAFile=/etc/zabbix/certs/CA-CERT.pem
    DBTLSCertFile=/etc/zabbix/certs/ZBX-CERT.pem
    DBTLSKeyFile=/etc/zabbix/certs/ZBX-KEY.pem
    DBHost=172.16.20.131
    DBName=zabbix
    DBUser=zabbix
    DBPassword=zabbix
    DBPort=3306

    When trying to access Zabbix Frontend I get an error:
    Database error
    Database error code 2002


    ¹ Zabbix Server can connect to MariaDB normally.
    ² If I use the following command line from Zabbix Server I can also connect normally:
    mysql --user=zabbix -p --host=172.16.20.131 --port=3306 --ssl-cert=ZBX-CERT.pem --ssl-key=ZBX-KEY.pem --ssl-ca=CA-CERT.pem

    All certificates were generated and tested with OpenSSL 1.1 and Apache2 is our Web Server.
    I need to implement this layer of security with certificates in our Zabbix environment, but this issue is holding me back... Could someone help me with this?
    Thanks...
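
An added diagnostic, not part of the original post and not Zabbix code: a standalone PHP page that repeats the frontend's TLS connection with the settings quoted above and prints mysqli's full error text, which the frontend reduces to "Database error code 2002". It assumes the mysqli extension (openssl and posix are optional), that the page is served by the same Apache instance as the frontend, and that `VERIFY_HOST = false` corresponds to the `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` flag.

```php
<?php
// Added diagnostic, not Zabbix code. Values are copied from the post's frontend config.
// Serve it through Apache (not the PHP CLI) so it runs as the same OS user as the frontend.
$host = '172.16.20.131'; $port = 3306;
$user = 'zabbix'; $pass = 'zabbix'; $db = 'zabbix';
$files = [
    'key'  => '/etc/zabbix/certs/ZBX-KEY.pem',
    'cert' => '/etc/zabbix/certs/ZBX-CERT.pem',
    'ca'   => '/etc/zabbix/certs/CA-CERT.pem',
];

header('Content-Type: text/plain');

// 1. Which OS user is PHP running as, and can that user read each PEM file?
if (function_exists('posix_geteuid')) {
    $pw = posix_getpwuid(posix_geteuid());
    echo "PHP runs as: ", ($pw['name'] ?? posix_geteuid()), "\n";
}
$allReadable = true;
foreach ($files as $role => $path) {
    $readable = is_readable($path);
    $allReadable = $allReadable && $readable;
    printf("%-4s %s: %s\n", $role, $path, $readable ? 'readable' : 'NOT readable');
}

// 2. Does the private key belong to the client certificate?
if ($allReadable && function_exists('openssl_x509_check_private_key')) {
    $match = openssl_x509_check_private_key(
        file_get_contents($files['cert']), file_get_contents($files['key']));
    echo "key matches cert: ", ($match ? 'yes' : 'NO'), "\n";
}

// 3. Connect with TLS and the client certificate, as the frontend is configured to.
//    Assumption: VERIFY_HOST = false maps to the DONT_VERIFY_SERVER_CERT flag.
mysqli_report(MYSQLI_REPORT_OFF);   // return errors instead of throwing exceptions
$m = mysqli_init();
$m->ssl_set($files['key'], $files['cert'], $files['ca'], null, null);
$flags = MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
if (!$m->real_connect($host, $user, $pass, $db, $port, null, $flags)) {
    printf("connect failed: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
    exit(1);
}

// 4. Connected: confirm the session is actually encrypted.
$row = $m->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_row();
echo "connected, Ssl_cipher = ", $row[1], "\n";
$m->close();
```

Delete the page after use, since it embeds the database password and reveals certificate paths.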