Hi Darren,

I am deploying at my lab currently, but when we get more familiar we will proceed with production. Yes, I tried even with 2.3.8 and I am facing an issue. I thought it could be because of my certificates, and when I was reading more on this I saw a note in the reference document that "A sample set of certificates and associated objects is available at src/lib/asiolink/testutils/ca". I have downloaded the source from Git, and from the folder kea-master\kea-master\src\lib\asiolink\testutils\ca I used the following certificates as follows:

"trust-anchor": "/root/kea-server.crt"
"cert-file": "/root/kea-server.csr"
"key-file": "/root/kea-server.key"

But with this, I am getting the following error:

11:33:40.411 DEBUG [kea-dhcp4.hooks/13148.140464316582080] HOOKS_STD_CALLOUT_REGISTERED hooks library /opt/tcpwave/lib/kea/hooks/libdhcp_ha.so registered standard callout for hook leases4_committed at address 0x7fc05b249e70
2023-06-28 11:33:40.413 ERROR [kea-dhcp4.ha-hooks/13148.140464316582080] HA_CONFIGURATION_FAILED failed to configure High Availability hooks library: bad TLS config for server dhcp1: load of cert file '/root/kea-server.csr' failed: no start line

Thanks

On Wed, Jun 28, 2023 at 3:47 PM Darren Ankney <darren.ank...@gmail.com> wrote:

> Hi Kraishak,
>
> When are you deploying? You may want to test with 2.3.8 as the release of the next stable (2.4.0) is coming soon. As for certificate use, I am not an expert in that area, but I believe that the .pem format is most common and correct.
>
> Thank you,
>
> Darren Ankney
>
> On Wed, Jun 28, 2023 at 12:48 AM Kraishak Mahtha <kraishak....@gmail.com> wrote:
> >
> > Hi Darren,
> > Thank you for the suggestion. I forgot to mention, I am using the kea 2.2.0 version, the last stable one (yes, as it's the latest version compared to 2.17). We don't need kea-control agents and I am using HA+MT; I don't have a dependency on kea-control agent on any of the peer-servers.
> >
> > I have one more doubt about the certificate type to be used. In the kea 2.2.0 document, the document says "Objects in files must be in the PEM format" under section 23.1.2 TLS/HTTPS Configuration.
> > And also I checked the example configs in the reference documents, and most of them show .pem files for all three attributes:
> > "trust-anchor": /usr/lib/kea/CA.pem,
> > "cert-file": /usr/lib/kea/server1_cert.pem,
> > "key-file": /usr/lib/kea/server1_key.pem
> >
> > 1) So my doubt is, should all three certificates be in .pem format?
> >
> > Asking this because while I was reading about the certificate content, at one of the places it says "The sample set of the certificates are available at src/lib/asiolink/testutils/ca kea source folder and when I look there I don't see .pem files.
> > I just want to test with those sample certificates to rule out whether the issue is either with the environment setup or with my certificates.
> >
> > Thanks
> >
> > On Wed, Jun 28, 2023 at 2:10 AM Darren Ankney <darren.ank...@gmail.com> wrote:
> >>
> >> Hi Kraishak,
> >>
> >> In the latest 2.3.8 ARM, the full quote is:
> >>
> >> "Before Kea 2.1.7 using HTTPS in the HA setup required use of the Control Agent on all peers."
> >>
> >> followed by:
> >>
> >> "Since Kea 2.1.7 the HTTPS server side is supported:"
> >>
> >> see https://kea.readthedocs.io/en/kea-2.3.8/arm/hooks.html#https-support for full details.
> >>
> >> On Tue, Jun 27, 2023 at 12:26 PM Kraishak Mahtha <kraishak....@gmail.com> wrote:
> >> >
> >> > Hi, I am using the kea-failover peer with multi-threading enabled (HA+MT), so hence I am not using the control-agent and using it directly, and everything is working fine as expected.
> >> > Here now I am trying to use TLS with certificates configured but it does not seem to work as expected. When I was reading more on the certificates section I saw a line saying "using HTTPS in the HA setup required use of the Control Agent on all peers", so just to rule out my issue with certificates, do we need to use/configure Control agent on all peers for TLS even after enabling multi-threading?
> >> >
> >> > Thanks in Advance
> >> > Kraishak
> >> >
> >> > --
> >> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >> >
> >> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >> >
> >> > Kea-users mailing list
> >> > Kea-users@lists.isc.org
> >> > https://lists.isc.org/mailman/listinfo/kea-users
> >> --
> >> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >>
> >> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >>
> >> Kea-users mailing list
> >> Kea-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/kea-users
>
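
Added example, not written by anyone in this thread and not Kea code: OpenSSL reports "no start line" when a file holds no PEM block of the type being loaded, and a PEM-encoded .csr carries a CERTIFICATE REQUEST label rather than CERTIFICATE. The sketch below checks the three TLS parameters at the PEM label level only (it does not validate certificates or keys); the function names and sample blocks are constructed, and trust-anchor is assumed to be a single file.

```python
import base64
import re

# RFC 7468 boundaries: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# PEM object type each parameter must hold. Matching is on the label
# suffix, so "RSA PRIVATE KEY" or "EC PRIVATE KEY" pass for key-file.
EXPECTED = {"trust-anchor": "CERTIFICATE",
            "cert-file": "CERTIFICATE",
            "key-file": "PRIVATE KEY"}

def pem_labels(text):
    """Return the labels of all well-formed PEM blocks in text."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # boundary lines present, body is not base64
        labels.append(label)
    return labels

def check_tls_objects(files):
    """files maps parameter name -> file contents; returns problems found."""
    problems = []
    for param, want in EXPECTED.items():
        labels = pem_labels(files.get(param, ""))
        if not labels:
            problems.append(f"{param}: no PEM block found (DER or empty?)")
        elif not any(l == want or l.endswith(" " + want) for l in labels):
            problems.append(f"{param}: holds {labels[0]}, expected {want}")
    return problems

def _sample(label):
    # Constructed placeholder body; not a real certificate, request or key.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

# Constructed stand-ins for the file types named in the configuration above.
AS_POSTED = {"trust-anchor": _sample("CERTIFICATE"),
             "cert-file": _sample("CERTIFICATE REQUEST"),  # a .csr file
             "key-file": _sample("PRIVATE KEY")}

if __name__ == "__main__":
    for line in check_tls_objects(AS_POSTED) or ["all three objects look right"]:
        print(line)
```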