Hello All,
This My first post in Zabbix, where i have an issue and also comment that maybe consider as a bug:
==== My Issue ====
I have Mysql Server which use TLS , where i created server-key.pem and CSR then send this CSR to My MS Root CA in Windows 2019 to get at the end server-cert.pem as a MySql Certificate and download my Root-CA.cer its the MS Root CA Certificate then i configured Mysql /etc/my.cnf
require_secure_transport=ON
tls-version=TLSv1.3
ssl-ca=/etc/mysql-ssl/Root-CA.cer
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem
I add this info Also in Zabbix Manager :
DBTLSConnect=verify_full
DBTLSCAFile=/etc/mysql-ssl/Root-CA.cer
DBTLSCertFile=/etc/mysql-ssl/server-cert.pem
DBTLSKeyFile=/etc/mysql-ssl/server-key.pem
But i got error : [Z3001] connection to database 'zabbix' failed: [2013] Lost connection to MySQL server at 'reading authorization packet', system error: 0
and the same in Zabbix Frontend
====== My comment That maybe consider as a bug =======
DBTLSConnect=verify_ca is not work and i gor error that its not configure in zabbix and it's missing some libarary
but after some test i discoverd that i can use it or use verify_full without adding :
DBTLSCertFile=/etc/mysql-ssl/server-cert.pem
DBTLSKeyFile=/etc/mysql-ssl/server-key.pem
Also FYI I test with Self Signed and its working , but i need to use My MS Root CA , i used it before in Zabbix Front url to be https and its working good.
Can anyone help or tell me what i missing
This My first post in Zabbix, where i have an issue and also comment that maybe consider as a bug:
==== My Issue ====
I have Mysql Server which use TLS , where i created server-key.pem and CSR then send this CSR to My MS Root CA in Windows 2019 to get at the end server-cert.pem as a MySql Certificate and download my Root-CA.cer its the MS Root CA Certificate then i configured Mysql /etc/my.cnf
require_secure_transport=ON
tls-version=TLSv1.3
ssl-ca=/etc/mysql-ssl/Root-CA.cer
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem
I add this info Also in Zabbix Manager :
DBTLSConnect=verify_full
DBTLSCAFile=/etc/mysql-ssl/Root-CA.cer
DBTLSCertFile=/etc/mysql-ssl/server-cert.pem
DBTLSKeyFile=/etc/mysql-ssl/server-key.pem
But i got error : [Z3001] connection to database 'zabbix' failed: [2013] Lost connection to MySQL server at 'reading authorization packet', system error: 0
and the same in Zabbix Frontend
====== My comment That maybe consider as a bug =======
DBTLSConnect=verify_ca is not work and i gor error that its not configure in zabbix and it's missing some libarary
but after some test i discoverd that i can use it or use verify_full without adding :
DBTLSCertFile=/etc/mysql-ssl/server-cert.pem
DBTLSKeyFile=/etc/mysql-ssl/server-key.pem
Also FYI I test with Self Signed and its working , but i need to use My MS Root CA , i used it before in Zabbix Front url to be https and its working good.
Can anyone help or tell me what i missing
Comment