Monitoring public and private website certificates in a dockerized Zabbix deployment

jhboricua

Senior Member

Joined: Dec 2021

Posts: 113
#1

Monitoring public and private website certificates in a dockerized Zabbix deployment

15-08-2024, 06:25

We want to monitor certificate expiration of both public and private websites using the Website certificate by Zabbix agent 2 template . The certificates of the private websites are issued by our internal PKI CA authority.

Public site monitoring is fine, but private site monitoring is not able to validate the certs as the agent2 container doesn't have the CA material to perform the validation. What is the proper way to add the CA material to the Agent2 container that will also persist restarts?
Tags: None
jhboricua

Senior Member

Joined: Dec 2021

Posts: 113
#2

30-12-2024, 17:18

For anyone facing this issue, the solution involves building your own modified zabbix-agent2 container image with the private CA material in it. I setup an automated build process for this in our private Gitlab repo that uses a dockerfile to:
Pull the latest zabbix-agent2 Alpine image.

Installs the ca-certificates package in it via APK.

Creates the /usr/local/share/ca-certificates folder

Copies the required CA files into the folder above

Runs the update-ca-certificates command to process the CA files.

The resulting docker image is then able to validate our internal sites that use SSL certs from our internal PKI authority.
Comment

Ad Widget