[root@localhost ~]# mkdir /etc/zabbix/.certs [root@localhost ~]# cp /etc/pki/nssdb/ cert8.db cert9.db key3.db key4.db pkcs11.txt secmod.db [root@localhost ~]# cp /etc/pki/nssdb/*.db /etc/zabbix/.certs/ [root@localhost ~]# ll /etc/zabbix/.certs/ total 120 -rw-r--r-- 1 root root 65536 Oct 11 14:18 cert8.db -rw-r--r-- 1 root root 9216 Oct 11 14:18 cert9.db -rw-r--r-- 1 root root 16384 Oct 11 14:18 key3.db -rw-r--r-- 1 root root 11264 Oct 11 14:18 key4.db -rw-r--r-- 1 root root 16384 Oct 11 14:18 secmod.db [root@localhost ~]# [root@localhost ~]# echo -n | openssl s_client -connect smtphz.qiye.163.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/zabbix/.certs/wy.crt depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust CN RSA CA G1 verify return:1 depth=0 C = CN, ST = Zhejiang, L = Hangzhou, O = "NetEase (Hangzhou) Network Co., Ltd", CN = *.qiye.163.com verify return:1 DONE [root@localhost ~]# certutil -A -n "GeoTrust SSL CA" -t "C,," -d /etc/zabbix/.certs -i /etc/zabbix/.certs/wy.crt [root@localhost ~]# certutil -A -n "GeoTrust Global CA" -t "C,," -d /etc/zabbix/.certs -i /etc/zabbix/.certs/wy.crt [root@localhost ~]# certutil -L -d /etc/zabbix/.certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI GeoTrust SSL CA C,, [root@localhost ~]# cd /etc/zabbix/.certs/ [root@localhost .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i wy.crt Notice: Trust flag u is set automatically if the private key is present. [root@localhost .certs]# [root@localhost .certs]# chown zabbix:zabbix ./* [root@localhost ~]# tail -10 /etc/mail.rc set bsdcompat set from=tech@xxxxxx.com set smtp=smtps://smtphz.qiye.163.com:465 set smtp-auth-user=tech@xxxxxx.com set smtp-auth-password=password set smtp-auth=login #set smtp-use-starttls set ssl-verify=ignore set nss-config-dir=/etc/zabbix/.certs
