Ad Widget

Collapse

Web monitoring with certificate for authentication

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • lpossamai
    Senior Member
    • Jun 2018
    • 119
    #1

    Web monitoring with certificate for authentication

    Hi.

    I'm trying to monitor an API endpoint that requires certificate authentication. I have originally a .p12 certificate, and I am using the following commands to extract it to pem formats:

    # Export certificate
    openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys

    # Export private key
    openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes

    # Copy cert and key to Zabbix directory
    cp newfile.crt.pem /usr/share/zabbix/ssl/certs/
    cp newfile.key.pem /usr/share/zabbix/ssl/keys/

    On Zabbix dashboard:
    HTTP authentication: none
    SSL certificate file: /usr/share/zabbix/ssl/cert/newfile.crt.pem
    SSL key file: /usr/share/zabbix/ssl/keys/newfile.key.pem
    SSL key password: none

    I am getting the following error:
    Code:
    6161:20200415:120852.738 cannot process step "Example API checks" of web scenario "Example API checks" on host "Zabbix server": Problem with the local SSL certificate: could not load PEM client certificate, OpenSSL error error:02001002:system library:fopen:No such file or directory, (no key found, wrong pass phrase, or wrong file format?)
    Via curl it is working:
    curl -I --key /usr/share/zabbix/ssl/keys/newfile.key.pem --cert /usr/share/zabbix/ssl/certs/newfile.crt.pem https://api.example.com/action/robotPing/1.0
    HTTP/1.1 200 OK
    Date: Wed, 15 Apr 2020 02:25:21 GMT
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Content-Type: text/xml; charset=UTF-8
    Content-Length: 901
    Vary: Accept-Encoding



    What am I doing wrong?
    Thanks!
    Tags: None
    • tim.mooney
      Senior Member
      • Dec 2012
      • 1427
      #2
      You show
      Code:
      cp newfile.crt.pem /usr/share/zabbix/ssl/cert[B]s[/B]/
      as where you installed the cert, but
      Code:
      /usr/share/zabbix/ssl/cert/newfile.crt.pem
      Notice that one has "certs" but the other just has "cert".

      Also does 'newfile.crt.pem' begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----

      Does 'newfile.key.pem' being with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----

      Out of curiosity, why the '-nodes' (no DES) for the private key?

        Comment

        • lpossamai
          Senior Member
          • Jun 2018
          • 119
          #3
          Originally posted by tim.mooney
          You show
          Code:
          cp newfile.crt.pem /usr/share/zabbix/ssl/cert[B]s[/B]/
          as where you installed the cert, but
          Code:
          /usr/share/zabbix/ssl/cert/newfile.crt.pem
          Notice that one has "certs" but the other just has "cert".
          That was just typo, sorry...

          Also does 'newfile.crt.pem' begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----
          Yes...

          Does 'newfile.key.pem' being with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----
          Yes...

          Out of curiosity, why the '-nodes' (no DES) for the private key?
          no particular reason... was just following steps from somewhere else.

            Comment

            • lpossamai
              Senior Member
              • Jun 2018
              • 119
              #4
              OKay... I found the problem.

              On the dashboard, I was using the entire path to pass the cert and key; example:

              Wrong:
              SSL certificate file: /usr/share/zabbix/ssl/cert/newfile.crt.pem
              SSL key file: /usr/share/zabbix/ssl/keys/newfile.key.pem


              Correct:
              SSL certificate file: newfile.crt.pem
              SSL key file: newfile.key.pem

              Working fine now. Thanks!

                Comment

                • aidaitzabbix
                  #4.1
                  aidaitzabbix commented
                  15-02-2023, 17:21
                  Editing a comment
                  Hello, I'm having the same problem but even using only the name of the files I got the same error:

                  SSL certificate file: myCert.pem
                  SSL key file: myKey.pem

                  I couldn't find the following paths:
                  /usr/share/zabbix/ssl/keys/
                  /usr/share/zabbix/ssl/certs/

                  so I used,

                  /etc/ssl/private/ --> for the key
                  /etc/ssl/certs/ --> for the cert

                  Even if i use

                  SSL certificate file: /etc/ssl/private/myCert.pem
                  SSL key file:/etc/ssl/certs/myKey.pem

                  got the same issue.

                  How can I find the default path for my files?.
                  Thanks in advance.
                  • mdub
                    #4.2
                    mdub commented
                    09-07-2025, 13:14
                    Editing a comment
                    Hi @aidaitzabbix

                    According to the server config file you should run 'zabbix_server --help' and it should print out something like this :

                    Some configuration parameter default locations:
                    AlertScriptsPath "/etc/zabbix/alertscripts"
                    ExternalScripts "/etc/zabbix/externalscripts"
                    SSLCertLocation "/etc/zabbix/ssl/certs"
                    SSLKeyLocation "/etc/zabbix/ssl/keys"
                    LoadModulePath "/usr/lib/x86_64-linux-gnu/modules"
                  Previous template Next
                  Working...