I tried the certificate-based configuration but it failed.
It gives me these errors:
zabbix_get [15881]: Get value error: TCP successful, cannot establish TLS to [[127.0.0.1]:10050]: self signed certificate: SSL_connect() returned SSL_ERROR_SSL: file s3_clnt.c line 1264: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed: TLS write fatal alert "unknown CA"
Log server:
15311:20170715:002108.367 failed to accept an incoming connection: from 127.0.0.1: TLS connection has been closed during handshake: file s3_pkt.c line 1487: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48: TLS read fatal alert "unknown CA"
Log agent:
15319:20170715:002113.350 failed to accept an incoming connection: from 127.0.0.1: TLS connection has been closed during handshake: file s3_pkt.c line 1487: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48: TLS read fatal alert "unknown CA"
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
zabbix_server (Zabbix) 3.2.6
Revision 67849 4 May 2017, compilation time: May 6 2017 01:09:33
zabbix_agentd (daemon) (Zabbix) 3.2.6
Revision 67849 4 May 2017, compilation time: May 6 2017 01:09:33
openssl 1.0.2g 2016-03-01
Config Server:
TLSCAFile=/etc/zabbix/ca/zabbix_ca.crt
TLSCertFile=/etc/zabbix/ca/zabbix_server.crt
TLSKeyFile=/etc/zabbix/ca/zabbix_server.key
Config Agent:
TLSAccept=cert
TLSConnect=cert
TLSCAFile=/etc/zabbix/ca/zabbix_ca.crt
TLSCertFile=/etc/zabbix/ca/zabbix_agent.crt
TLSKeyFile=/etc/zabbix/ca/zabbix_agent.key
Config Certificate:
openssl genrsa -aes256 -out zabbix_ca.key 4096
openssl req -x509 -new -key zabbix_ca.key -sha256 -days 3560 -out zabbix_ca.crt
openssl genrsa -out zabbix_server.key 2048
openssl req -new -key zabbix_server.key -out zabbix_server.csr
openssl x509 -req -in zabbix_server.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_server.crt -days 1460 -sha256
openssl genrsa -out zabbix_agent.key 2048
openssl req -new -key zabbix_agent.key -out zabbix_agent.csr
openssl x509 -req -in zabbix_agent.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_agent.crt -days 1460 -sha256
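Added example, not part of the original post: a shell check for certificates issued with the commands above. It flags a leaf certificate whose subject DN equals the CA's subject (a case OpenSSL can treat as self-signed) and otherwise runs `openssl verify` against the CA file. The subjects, file names, temporary directory and the passphrase-less 2048-bit CA key are assumptions made so it runs non-interactively.

```shell
#!/bin/sh
# Added example (not from the original post). All subjects and paths below
# are constructed; the CA key has no passphrase so nothing prompts.

# make_ca DIR SUBJECT: self-signed CA, like the post's "req -x509" step.
make_ca() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/ca.key" -sha256 -days 30 \
        -subj "$2" -out "$1/ca.crt"
}

# issue_leaf DIR NAME SUBJECT: key, CSR and CA-signed certificate for NAME.
issue_leaf() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "$3" -out "$1/$2.csr" &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/$2.crt" -days 30 -sha256 2>/dev/null
}

# check_chain CA_CERT LEAF_CERT: prints ok, same-dn or verify-failed.
# Returns 0 only for "ok".
check_chain() {
    # Subject hashes use OpenSSL's canonical name form, so the comparison
    # does not depend on how a given version prints the DN.
    cc_ca=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    cc_leaf=$(openssl x509 -in "$2" -noout -subject_hash) || return 2
    if [ "$cc_ca" = "$cc_leaf" ]; then
        echo "same-dn"; return 1
    fi
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "ok"
    else
        echo "verify-failed"; return 1
    fi
}

demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d" "/O=Example/CN=Zabbix CA"
    issue_leaf "$d" server "/O=Example/CN=zabbix_server"   # distinct DN
    issue_leaf "$d" agent "/O=Example/CN=Zabbix CA"        # same DN as CA
    echo "server: $(check_chain "$d/ca.crt" "$d/server.crt")"
    echo "agent:  $(check_chain "$d/ca.crt" "$d/agent.crt")"
    rm -rf "$d"
}

demo
```

To run the same check on the files from the post, call `check_chain /etc/zabbix/ca/zabbix_ca.crt /etc/zabbix/ca/zabbix_server.crt` and repeat it for `zabbix_agent.crt`.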