Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Rick Frey
Not sure what version you are running but see following links for Kea documentation around TLS, cert-required, agent and kea-shell: cert-required - this boolean parameter allows a server to not require the client certificate. Its default value is true, which means the client certificate is

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread CS
Interesting. I had assumed they were supplemental and not necessarily conflicting (IE that the certificate provided encrypted transmission and not necessarily authentication like a web-browser.) I was also under the guidance of the HA required certificates, although in cursory testing at the

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Rick Frey
When “cert-required” is set to true, you must provide a client certificate and key to authenticate. A client cert is not required for using TLS connection (a server cert is). The client cert can be used in lieu of username/password. In the case of kea-shell, this is done with --cert and --key

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread CS
I appreciate the suggestion. It might be worth noting that documentation should include -u for authentication headers IMO, not that I'm an expert. curl (and telnet) to the server's DNS address has the connection refused (to http and https to FQDN or localhost) but by ip address almost works: "Empty

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Darren Ankney
Hi, You might try using "curl" as shown here: https://kea.readthedocs.io/en/kea-2.4.1/arm/ctrl-channel.html#using-the-control-channel I know very little about SSL, but `--insecure` added to the curl command line will cause it to not check validity of certificates. You can also specify cert

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread CS
Thanks for the reply Rick. In this deployment I have specified in the control agent conf: "cert-required": true, "trust-anchor": "Certificate_Autority.pem", "cert-file": "ca1_cert.pem", "key-file": "ca1_key.pem", all pointing to self signed certs created with the help of (basically) the script I

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Rick Frey
I believe that error indicates your Kea server requires a client certificate. Per Kea documentation, the config parameter "cert-required" default is true. Would indicate your server config didn’t set or is set to true and you did not provide one in the sample command line. If you don’t