Communication between Zabbix components is done in plain text by default. In many environments, that isn't a significant problem, but monitoring over the internet in plain-text is likely not a good approach—transferred data could be read or manipulated by malicious parties. In previous Zabbix versions, there was no built-in solution, and various VPN, stunnel, and SSH port-forwarding solutions were used. Such solutions can still be used, but 3.0 was the first Zabbix version to provide built-in encryption.

In this chapter, we'll set up several of the components to use different types of encryption and cover the following topics:

• Overview
• Backend libraries
• Pre-shared key encryption
• Certificate-based encryption
• Being our own authority
• Setting up Zabbix with certificates