Set access rights to this file - it must be readable only by Zabbix user.ġ. In case of certificate chain with several members they must be ordered: server, proxy, or agent certificate first, followed by lower level CA certificates then certificates of higher level CA(s).įull pathname of a file containing private key. See notes in Certificate Revocation Lists (CRL).įull pathname of a file containing certificate (certificate chain). In case of certificate chain with several members they must be ordered: lower level CA certificates first followed by certificates of higher level CA(s).Ĭertificates from multiple CA(s) can be included in a single file.įull pathname of a file containing Certificate Revocation Lists. Certificate configuration parametersįull pathname of a file containing the top-level CA(s) certificates for peer certificate verification. Ĭarefully consider and test your certificate extensions - see Limitations on using X.509 v3 certificate extensions. Each Zabbix component can have only one certificate configured.įor more information how to set up and operate internal CA, how to generate certificate requests and sign them, how to revoke certificates you can find numerous online how-tos, for example, OpenSSL PKI Tutorial v1.1. Optionally certificate revocation lists (CRL) can be used. Certificate verification is done against a pre-configured CA certificate.
Zabbix can use RSA certificates in PEM format, signed by a public or in-house certificate authority (CA).
0 kommentar(er)
