Hi Kraishak,

When are you deploying?  You may want to test with 2.3.8 as the
release of the next stable (2.4.0) is coming soon.  As for certificate
use, I am not an expert in that area, but I believe that the .pem
format is most common and correct.

Thank you,

Darren Ankney

On Wed, Jun 28, 2023 at 12:48 AM Kraishak Mahtha <kraishak....@gmail.com> wrote:
>
> Hi Darren,
> Thank you for the suggestion. I forgot to mention, I am using the kea 2.2.0
> version, the last stable one (Yes as it's the latest version compared to 2.17)
> we don't need kea-control agents and I am using HA+MT I don't have dependency
> on kea-control agent on any of the peer-servers
>
> I have one more doubt about the certificate type to be used. In the kea 2.2.0
> document, the document says "Objects in files must be in the PEM format"
> under section 23.1.2 TLS/HTTPS Configuration.
> And also I checked the examples config in reference documents, and most of 
> them show with .pem files for all three attributes
>   "trust-anchor": "/usr/lib/kea/CA.pem",
>   "cert-file": "/usr/lib/kea/server1_cert.pem",
>   "key-file": "/usr/lib/kea/server1_key.pem"
>
> 1) So my doubt is: should all three certificates be in .pem format?
>
> Asking this because while I was reading about the certificate content, at one
> of the places it says "The sample set of the certificates are available at
> src/lib/asiolink/testutils/ca kea source folder", and when I look there I don't
> see .pem files.
> I just want to test with those sample certificates to rule out whether the
> issue is either with the environment setup or with my certificates.
>
> Thanks
>
> On Wed, Jun 28, 2023 at 2:10 AM Darren Ankney <darren.ank...@gmail.com> wrote:
>>
>> Hi Kraishak,
>>
>> In the latest 2.3.8 ARM, the full quote is:
>>
>> "Before Kea 2.1.7 using HTTPS in the HA setup required use of the
>> Control Agent on all peers."
>>
>> followed by:
>>
>> "Since Kea 2.1.7 the HTTPS server side is supported:"
>>
>> see https://kea.readthedocs.io/en/kea-2.3.8/arm/hooks.html#https-support
>> for full details.
>>
>> On Tue, Jun 27, 2023 at 12:26 PM Kraishak Mahtha <kraishak....@gmail.com> wrote:
>> >
>> > Hi, I am using the kea-failover peer with multi-threading enabled (HA+MT), so
>> > hence I am not using the control-agent and using it directly, and
>> > everything is working fine as expected.
>> > Here now I am trying to use TLS with certificates configured but it does
>> > not seem to work as expected. When I was reading more on the certificates
>> > section I saw a line saying "using HTTPS in the HA setup required use of
>> > the Control Agent on all peers", so just to rule out my issue with
>> > certificates, do we need to use/configure Control agent on all peers for
>> > TLS even after enabling multi-threading?
>> >
>> > Thanks in Advance
>> > Kraishak
>> >
>> > --
>> > ISC funds the development of this software with paid support 
>> > subscriptions. Contact us at https://www.isc.org/contact/ for more 
>> > information.
>> >
>> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>> >
>> > Kea-users mailing list
>> > Kea-users@lists.isc.org
>> > https://lists.isc.org/mailman/listinfo/kea-users
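The PEM requirement quoted in the thread is about what is inside the files, not about the file extension. The following Python check is an added example, not code from the thread or from the Kea project: it reports whether the content supplied for "trust-anchor", "cert-file" or "key-file" is PEM and holds the expected kind of object. The function names, the label-to-parameter mapping and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import re

# PEM armor (RFC 7468): matching BEGIN/END label lines around a base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_labels(data: bytes) -> list[str]:
    """Labels of every well-formed PEM block in data; [] if there is none."""
    labels = []
    for label, body in PEM_RE.findall(data.decode("latin-1")):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            continue  # armor present but the body is not valid base64
        labels.append(label)
    return labels

def check(param: str, data: bytes) -> str:
    """Judge file content for one of trust-anchor, cert-file or key-file."""
    labels = pem_labels(data)
    if not labels:
        # 0x30 is the ASN.1 SEQUENCE tag that starts a binary DER object.
        kind = "binary DER" if data[:1] == b"\x30" else "no PEM block"
        return f"{param}: NOT PEM ({kind})"
    if param == "key-file":
        wrong = [l for l in labels if not l.endswith("PRIVATE KEY")]
    else:  # trust-anchor and cert-file are expected to hold certificates
        wrong = [l for l in labels if l != "CERTIFICATE"]
    if wrong:
        return f"{param}: PEM, but unexpected object {wrong[0]!r}"
    return f"{param}: ok, PEM {labels[0]}"

def armor(label: str, der: bytes) -> bytes:
    """Wrap bytes in PEM armor (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()

# Constructed sample: starts with a SEQUENCE tag but is not a real certificate or key.
FAKE_DER = b"\x30\x82\x01\x0a" + b"constructed sample bytes" * 4

if __name__ == "__main__":
    print(check("trust-anchor", armor("CERTIFICATE", FAKE_DER)))
    print(check("cert-file", FAKE_DER))
    print(check("key-file", armor("CERTIFICATE", FAKE_DER)))
```

To check real files, pass pathlib.Path(path).read_bytes() for each of the three configured paths; the file name and extension play no part in the result.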