Certificate-based encryption
With PSK-based encryption protecting our sensitive Zabbix trapper item, let's move to certificates. We will generate certificates for the Zabbix server and agent and require encrypted connections on the Zabbix agent side for passive items. Certificate authorities sign certificates, and Zabbix components can trust one or more authorities. By extension, they trust the certificates signed by those authorities.
You might have a certificate infrastructure in your organization, but for our first test, we will generate all required certificates ourselves. We will need a new certificate authority (CA) that will sign our certificate. Zabbix does not support self-signed certificates.
Tip
It is strongly recommended to use intermediate ...
Get Zabbix Network Monitoring - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.