Zabbix NIFI Configuration - SSL Certificate
Hi Everyone,
I'm brand new to Zabbix and still finding my way around. I've been tasked with monitoring our new NiFi servers, and I've run into a problem that I'm hoping someone with more experience can help me with.
We have a setup where our new NiFi servers are using the exact same SSL certificate as our older, already monitored NiFi instances. To get the new servers monitored, I essentially cloned the existing Zabbix NiFi alert configuration (which is working perfectly for the old servers) and simply updated the Agent IP address to point to the new server.
However, I'm now getting the following error in Zabbix for the new hosts:
Cannot perform request: OpenSSL SSL_read: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown, errno 0
This error seems to indicate an issue with the SSL certificate during the communication between Zabbix and the NiFi agent on the new servers.
Given that the SSL certificate is the same and the configuration is essentially a clone (with just the IP change), I'm quite confused about why this is happening.
Could anyone shed some light on what might be causing this "sslv3 alert certificate unknown" error in this specific scenario? Are there any other configuration steps I might be missing for the new hosts, even though they use the same certificate?
Additional details:
Zabbix agent version : zabbix-6.0.21
Host is configured as "Monitored by proxy"
I've encountered another puzzling situation while trying to troubleshoot. I usually configure the paths to the SSL certificate and key files within the Zabbix server configuration in the following directories:
/usr/share/zabbix/ssl/certs
/usr/share/zabbix/ssl/keys
However, when I checked these directories on the Zabbix server to try and compare the certificates and keys used for the old, working NiFi servers, I couldn't find any files related to those specific NiFi instances in these locations. I can see other SSL certificates and keys in these directories, but not the ones I would expect to be used for the currently monitored NiFi servers.
This leads me to wonder: Is there another way to determine where Zabbix is loading the SSL certificates and keys for the existing, successfully monitored NiFi servers? Perhaps they are configured in a different location or through a different mechanism that I'm not aware of.
Understanding where the working configuration is pulling the certificates and keys from might give me a clue as to why the new servers are failing with the "certificate unknown" error, even though they use the same certificate. zz0.ct66dz1rp1tzz
Any advice or troubleshooting steps would be greatly appreciated!
Thanks in advance for your help.
I'm brand new to Zabbix and still finding my way around. I've been tasked with monitoring our new NiFi servers, and I've run into a problem that I'm hoping someone with more experience can help me with.
We have a setup where our new NiFi servers are using the exact same SSL certificate as our older, already monitored NiFi instances. To get the new servers monitored, I essentially cloned the existing Zabbix NiFi alert configuration (which is working perfectly for the old servers) and simply updated the Agent IP address to point to the new server.
However, I'm now getting the following error in Zabbix for the new hosts:
Cannot perform request: OpenSSL SSL_read: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown, errno 0
This error seems to indicate an issue with the SSL certificate during the communication between Zabbix and the NiFi agent on the new servers.
Given that the SSL certificate is the same and the configuration is essentially a clone (with just the IP change), I'm quite confused about why this is happening.
Could anyone shed some light on what might be causing this "sslv3 alert certificate unknown" error in this specific scenario? Are there any other configuration steps I might be missing for the new hosts, even though they use the same certificate?
Additional details:
Zabbix agent version : zabbix-6.0.21
Host is configured as "Monitored by proxy"
I've encountered another puzzling situation while trying to troubleshoot. I usually configure the paths to the SSL certificate and key files within the Zabbix server configuration in the following directories:
/usr/share/zabbix/ssl/certs
/usr/share/zabbix/ssl/keys
However, when I checked these directories on the Zabbix server to try and compare the certificates and keys used for the old, working NiFi servers, I couldn't find any files related to those specific NiFi instances in these locations. I can see other SSL certificates and keys in these directories, but not the ones I would expect to be used for the currently monitored NiFi servers.
This leads me to wonder: Is there another way to determine where Zabbix is loading the SSL certificates and keys for the existing, successfully monitored NiFi servers? Perhaps they are configured in a different location or through a different mechanism that I'm not aware of.
Understanding where the working configuration is pulling the certificates and keys from might give me a clue as to why the new servers are failing with the "certificate unknown" error, even though they use the same certificate. zz0.ct66dz1rp1tzz
Any advice or troubleshooting steps would be greatly appreciated!
Thanks in advance for your help.
)
Comment