"Unknown CA" when setting up certificate encryption


    Hi,

    I used the following tutorial to try and set up certificate encryption: https://hub.packtpub.com/encrypting-zabbix-traffic/
    However, when I run zabbix_get, I get the error "unknown CA".
    Code:
    # zabbix_get -s 127.0.0.1 -k system.cpu.load --tls-connect cert \
        --tls-ca-file /etc/zabbix/ssl/zabbix_ca.crt \
        --tls-cert-file /etc/zabbix/ssl/zabbix_server.crt \
        --tls-key-file /etc/zabbix/ssl/zabbix_server.key \
        --tls-agent-cert-issuer "CN=Signing CA,OU=Development group,O=Zabbix SIA,DC=zabbix,DC=com" \
        --tls-agent-cert-subject "CN=Zabbix proxy,OU=Development group,O=Zabbix SIA,DC=zabbix,DC=co"
    zabbix_get [21701]: Get value error: TCP successful, cannot establish TLS to [[127.0.0.1]:10050]: unable to get local issuer certificate: SSL_connect() set result code to SSL_ERROR_SSL: file ../ssl/statem/statem_clnt.c line 1230: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: TLS write fatal alert "unknown CA"
    How do I fix this?
    I even added the subject and issuer option to zabbix_agent.conf to try things out, but no luck...
    Any advice or a good tutorial?

    #2
    Am sure you are using the cert authority used to generate the agent cert. In the example you are using the zabbix.com cert issuer, which I believe is just for example.
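
An added example, not part of either post: "unable to get local issuer certificate" means the verifier could not build a chain from the peer's certificate to a root in the CA file it was given. The script below reproduces that with a throwaway root CA, signing CA and agent certificate, then shows the checks to run against real files. All names and file names are constructed for the demo, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> signing CA -> agent certificate.
make_demo_pki() {   # usage: make_demo_pki <empty_dir>
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$d/pki.cnf"
    # Self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    # Intermediate signing CA, issued by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=Demo Signing CA" \
        -keyout "$d/signing.key" -out "$d/signing.csr" 2>/dev/null
    openssl x509 -req -in "$d/signing.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/pki.cnf" -extensions v3_ca -days 2 \
        -out "$d/signing.crt" 2>/dev/null
    # Agent certificate, issued by the signing CA (not by the root).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=Demo agent" \
        -keyout "$d/agent.key" -out "$d/agent.csr" 2>/dev/null
    openssl x509 -req -in "$d/agent.csr" -CA "$d/signing.crt" -CAkey "$d/signing.key" \
        -CAcreateserial -days 2 -out "$d/agent.crt" 2>/dev/null
    # A CA file that holds the whole chain: signing CA plus root.
    cat "$d/signing.crt" "$d/root.crt" > "$d/chain.crt"
}

# Exit status 0 only if <cert> chains to a self-signed root inside <ca_file>.
chain_ok() {        # usage: chain_ok <ca_file> <cert>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print issuer and subject in RFC 2253 order, the form used in the command above.
show_names() {      # usage: show_names <cert>
    openssl x509 -in "$1" -noout -issuer -subject -nameopt RFC2253
}

tmp=$(mktemp -d) && make_demo_pki "$tmp"
chain_ok "$tmp/root.crt"  "$tmp/agent.crt" || echo "CA file with root only: verify fails"
chain_ok "$tmp/chain.crt" "$tmp/agent.crt" && echo "CA file with signing CA + root: verify OK"
show_names "$tmp/agent.crt"
```

On a real host, run `chain_ok` with the CA file passed to `--tls-ca-file` and the certificate the agent presents, and compare the `show_names` output with the issuer and subject strings given on the command line.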
