Am 27.06.23 um 17:17 schrieb Eric Graham:
Stefan,
Make sure that when you change the password, you also change it in Stork
and in the HA hook config on each daemon of each server.
I have done that and cross-checked things but somehow communication
wasn't established again. Had to roll back to get it working again asap.
Would be better to do that in the evening ... when I am tired ;-)
I am not aware of documentation from ISC for generating certificates,
but here is an article I found that should get you started:
https://node-security.com/posts/openssl-creating-a-ca/
<https://node-security.com/posts/openssl-creating-a-ca/>
You will want to make a CA in this case, and not just self-signed
certificates. Make sure if you make the certificates for IP and not
hostname, that you add the IP to the SAN field of the certificates.
Here's an article from Red Hat about trusting the CA on each host:
https://www.redhat.com/sysadmin/ca-certificates-cli
<https://www.redhat.com/sysadmin/ca-certificates-cli> Even if you're not
in Red Hat-land, it'll get you started.
Thanks for the pointers.
Did such cert-generation quite a few times already (back then before
LetsEncrypt) but hoped for some helpful script or so.
I'll try this in the next days.
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
