In the scenario properties, there was also a tab that we didn't use: Authentication. Check it out here:

For HTTP authentication, Zabbix currently supports two options—Basic and NTLM. Digest authentication is not supported at this time, as you can see:

Choosing one of the HTTP authentication methods will provide input fields for a username and password.

All the other options are SSL/TLS-related. The checkboxes allow us to validate the server certificate—the SSL verify peer option checks the certificate validity, and SSL verify host additionally checks that the server hostname matches the Common Name or the Subject Alternate Name in the certificate. The certificate authority is validated against the system default. The location of the CA certificates can also be overridden by the SSLCALocation parameter in the server configuration file.

The last three fields enable us to set up client authentication using a certificate. Zabbix supports all possible combinations of certificate, a key, and key password, such as a single unencrypted file, a completely separate certificate, and key and key password. The client certificate files must be placed in the directory specified by the SSLCertLocation parameter in the server configuration file. Key files, if any, must be placed in the directory specified by the SSLKeyLocation parameter in the server configuration file.