Ad Widget

**nprdev** · 18-07-2023, 15:16

I've been browsing through https://www.zabbix.com/documentation...icate_problems but my problem doesn't seem to exactly be listed.

Client: 6.0.17 proxy on freeBSD (pfSense 2.7)

Server:

Code:

> uname -a

Linux zabbix 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux

> cat /etc/issue

Debian GNU/Linux 11 \n \l

> /usr/local/sbin/zabbix_server --version

zabbix_server (Zabbix) 6.0.19
Revision 998f8649378 27 June 2023, compilation time: Jul 17 2023 14:45:01

Internally, the proxy is reported as online. Everything also seems to work, it's reporting data, I'm not missing any data AFAIK, yet quite often the following message appears in the log:

Code:

4155237:20230718:145307.087 failed to accept an incoming connection: from <CLASSIFIED>  TLS handshake set result code to 1: file ../ssl/record/rec_layer_s3.c line 1543: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45: TLS read fatal alert "certificate expired"

The certificate isn't expired. In fact, I re-created it just to be sure.

Code:

> openssl x509 -noout -text -in client.crt | grep "Not After"

Not After : Jul 17 09:02:02 2026 GMT

The messages appear to begin once the proxy is updated to the 6.0 version from 5.4. (Contrary to what help pages say, it appears 6.0 server can deal with 5.4 proxy, but not the other way around). There are other clients for the same server running proxy 5.4, on the same OS, though an earlier version, which do not have this behaviour.

Does this always happen when 6.0.17 client proxy talks to 6.0.19 server? Is every connection re-negotiating? What could be the cause here?

Ad Widget

Zabbix 6.0: Undocumented, apparently spurious TLS cert expired error.

Zabbix 6.0: Undocumented, apparently spurious TLS cert expired error.