Hi,
I'm facing trouble enabling the schedule report services. I've tried most of the recommendations in the forum but still does not work.
The error:
Test log
2025/01/02 16:10:43.969960 http: TLS handshake error from 192.168.10.45:60708: tls: client didn't provide a certificate
Here are some of the settings: /etc/zabbix/zabbix_web_service.conf
AllowedIP=0.0.0.0/0
TLSAccept=cert
TLSCAFile=/etc/ssl/certs/fullchain.pem
TLSCertFile=/etc/ssl/certs/fullchain.pem
TLSKeyFile=/etc/pki/tls/private/privkey.pem
IgnoreURLCertErrors=1
Zabbix Web Service Status
● zabbix-web-service.service - Zabbix Web Service
Loaded: loaded (/usr/lib/systemd/system/zabbix-web-service.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2025-01-02 15:53:53 UTC; 26min ago
Process: 587900 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 587902 (zabbix_web_serv)
Nginx Settings /etc/nginx/conf.d/zabbix.conf #This sites redirect port 80 to use ssl and works. Using the same Certs.
server {
listen 80;
server_name zabbix.renamed.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name zabbix.renamed.com;
root /usr/share/zabbix;
index index.php;
ssl_certificate "/etc/ssl/certs/fullchain.pem";
ssl_certificate_key "/etc/pki/tls/private/privkey.pem";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_verify_client off; # This requires clients to present a valid certificate
location = /favicon.ico {
log_not_found off;
}
CERT Test
curl -v --cacert /etc/ssl/certs/fullchain.pem "https://zabbix.renamed.com:10053/report"
Related /etc/zabbix/zabbix_server.conf configuration
# Default:
StartReportWriters=1
WebServiceURL=https://zabbix.mired.com.do:10053/report
FrontEnd Parameters
Permisions
The user zabbix can access and read the content of the cert file.
[root@appliance ~]# sudo -u zabbix cat /etc/ssl/certs/fullchain.pem
-----BEGIN CERTIFICATE-----
Don't know what else to test. Can you guide me please?
I'm facing trouble enabling the schedule report services. I've tried most of the recommendations in the forum but still does not work.
The error:
Test log
2025/01/02 16:10:43.969960 http: TLS handshake error from 192.168.10.45:60708: tls: client didn't provide a certificate
Here are some of the settings: /etc/zabbix/zabbix_web_service.conf
AllowedIP=0.0.0.0/0
TLSAccept=cert
TLSCAFile=/etc/ssl/certs/fullchain.pem
TLSCertFile=/etc/ssl/certs/fullchain.pem
TLSKeyFile=/etc/pki/tls/private/privkey.pem
IgnoreURLCertErrors=1
Zabbix Web Service Status
● zabbix-web-service.service - Zabbix Web Service
Loaded: loaded (/usr/lib/systemd/system/zabbix-web-service.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2025-01-02 15:53:53 UTC; 26min ago
Process: 587900 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 587902 (zabbix_web_serv)
Nginx Settings /etc/nginx/conf.d/zabbix.conf #This sites redirect port 80 to use ssl and works. Using the same Certs.
server {
listen 80;
server_name zabbix.renamed.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name zabbix.renamed.com;
root /usr/share/zabbix;
index index.php;
ssl_certificate "/etc/ssl/certs/fullchain.pem";
ssl_certificate_key "/etc/pki/tls/private/privkey.pem";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_verify_client off; # This requires clients to present a valid certificate
location = /favicon.ico {
log_not_found off;
}
CERT Test
curl -v --cacert /etc/ssl/certs/fullchain.pem "https://zabbix.renamed.com:10053/report"
Related /etc/zabbix/zabbix_server.conf configuration
# Default:
StartReportWriters=1
WebServiceURL=https://zabbix.mired.com.do:10053/report
FrontEnd Parameters
Permisions
The user zabbix can access and read the content of the cert file.
[root@appliance ~]# sudo -u zabbix cat /etc/ssl/certs/fullchain.pem
-----BEGIN CERTIFICATE-----
Don't know what else to test. Can you guide me please?