Zabbix MPA – HTTPS FrontEnd Certificate Amendments

Zabbix MPA HTTPS FE Certificate

This article will assist you in resigning, updating or amending the self signed certificate for the Zabbix Monitoring Platform HTTPS front-end portal.

1. Login to your Zabbix Appliance Ubuntu Terminal and initiate the following command.

appliance@zabbix:~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt


  • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
  • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate management. Since we are wanting to create a new X.509 certificate, this is what we want.
  • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
  • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
  • -days 365: This specifies that the certificate we are creating will be valid for one year.
  • -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn’t create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
  • -keyout: This parameter names the output file for the private key file that is being created.
  • -out: This option names the output file for the certificate that we are generating.

2. Once you have initiated the above command you will then need to fill out the certificate details again where you can make the amendments or update any of the details which you require changing.

Country Name (2 Letter Code) [AU]: UK
State or Province Name (Full Name) [Some-State]:
Locality Name (EG, City) []: London
Organization Name (EG, Company) []: DeltaCentral
Organizational Unit Name (EG,Section) []: DeltaLabs
Common Name (Server FQDN or YOUR Name []: IP / Domain Name
Email Address []:

In this section you can either put your Internal Zabbix IP Address, External Zabbix IP Address or Domain Name.

DigiCERT SSL Certificate Checker: HERE

3. Once you have made the amendments, then carry out a Sudo Reboot for the changes to take effect.




Leave a Reply