PSK encryption
Let's start with a simple situation: a single new host for which the Zabbix server will accept only PSK-encrypted incoming connections, and to which we'll send some values using zabbix_sender. For that to work, both the Zabbix server and zabbix_sender must be compiled with TLS support. The PSK configuration consists of a PSK identity and a key. The identity is a string that isn't considered secret; it isn't encrypted during communication, so don't put sensitive information in the identity string. The key is a hexadecimal string.
Note
Zabbix requires the key to be at least 32 characters (hexadecimal digits) long. The maximum in Zabbix is 512 characters, but it might depend on the specific version of the backend library you're using.
We could just type the key in manually, but a slightly easier method might be using the openssl command:
$ openssl rand -hex 64
This will generate a 512-bit key, which we'll use in a moment. Navigate to Configuration | Hosts, click on Create...
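The key rules from the note above (hexadecimal digits only, 32 to 512 of them) can be checked before a key is deployed. The following is an added example, not part of the original text; it assumes the key is kept in a file, and the function names and the file path are placeholders chosen for illustration.

```shell
# Added example (not from the original text). Function names are hypothetical.

# check_psk KEY: succeed only if KEY is 32..512 hexadecimal digits,
# the limits stated in the note above.
check_psk() {
    key=$1
    case $key in
        '' | *[!0-9a-fA-F]*)
            echo "PSK: only hexadecimal digits are allowed" >&2
            return 1 ;;
    esac
    if [ "${#key}" -lt 32 ]; then
        echo "PSK: ${#key} digits, need at least 32" >&2
        return 1
    fi
    if [ "${#key}" -gt 512 ]; then
        echo "PSK: ${#key} digits, Zabbix maximum is 512" >&2
        return 1
    fi
    return 0
}

# check_psk_file PATH: validate the key on the first line of PATH and refuse
# files that group or others can access (the key is a shared secret).
check_psk_file() {
    path=$1
    [ -f "$path" ] || { echo "PSK: $path not found" >&2; return 1; }
    perms=$(ls -ld "$path" | cut -c5-10)   # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "PSK: $path is accessible to group/others" >&2
        return 1
    fi
    # read returns non-zero when the last line has no newline; keep the data
    IFS= read -r key < "$path" || [ -n "$key" ] || key=
    check_psk "$key"   # a stray CR from a Windows editor fails the hex check
}

# new_psk_file PATH [BYTES]: generate BYTES random bytes (default 64, that is
# 128 hex digits or 512 bits) with openssl, written with owner-only access.
new_psk_file() {
    ( umask 077 && openssl rand -hex "${2:-64}" > "$1" ) || return 1
    check_psk_file "$1"
}

# Usage (placeholder path): new_psk_file /path/to/sender.psk
```

If the target file already exists with looser permissions, new_psk_file reports it instead of silently keeping them, because umask only applies to newly created files.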