On 29.06.23 at 16:56, Eric Graham wrote:
> My deployments have a single CA that's used as trust-anchor on both
> machines, and then the certificates are signed by the CA. The CA is
> further added to the systems' trust stores. I haven't tried what you're
> doing (sorry).

I decided to set up a small local CA and generate 2 server certs with it.
Imported the CA to the Debian keystore as well.
I have a working communication now between the kea-dhcp4-daemons using
these TLS-certs: great.
-> the DHCP-cluster works
But my setup with the stork-agents and the stork-server is broken now.
The agents seem to contact the kea-control-agents by IP, so the certs
(which don't contain IP SANs according to the ugly error messages) don't
match.
* Do I have to put anything into: /var/lib/stork-agent/certs ?
* I set (in /etc/stork/agent.env):
    STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
  doesn't help.
* I tried in /etc/kea/kea-ctrl-agent.conf:
    "cert-required": false
A bit lost currently, sorry.
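
The mismatch described in the message above, reproduced as an added example that is not part of the original post: a local CA issues two certificates for the same host, one with only a DNS SAN and one with an additional IP SAN, and `openssl verify` checks each by name and by address. The host name `kea1.example.test`, the address `192.0.2.10` and all file names are constructed.

```shell
#!/bin/sh
# Added example. Names, the address 192.0.2.10 and all paths are constructed.

build_pki() {   # $1 = empty working directory
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/req.cnf"
  # Local CA, used as the single trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/req.cnf" \
    -extensions v3_ca -subj '/CN=Example Local CA' \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Same host, two certificates: DNS-only SAN versus DNS + IP SAN.
  issue "$d" dns-only 'DNS:kea1.example.test' &&
  issue "$d" dns-ip   'DNS:kea1.example.test,IP:192.0.2.10'
}

issue() {       # $1 = dir, $2 = certificate name, $3 = subjectAltName value
  local d=$1 n=$2
  printf 'subjectAltName = %s\n' "$3" > "$d/$n.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
    -subj '/CN=kea1.example.test' -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
}

# What a verifying client does: chain to the CA, then match the peer identity.
# $1 = dir, $2 = certificate name, $3 = identity the client connected to.
verify_ip()   { openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/$2.crt" >/dev/null 2>&1; }
verify_name() { openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1; }

demo() {
  local d c
  d=$(mktemp -d) || return 1
  build_pki "$d" || { echo "openssl failed"; rm -rf "$d"; return 1; }
  for c in dns-only dns-ip; do
    if verify_name "$d" "$c" kea1.example.test; then echo "$c by name: ok"; else echo "$c by name: mismatch"; fi
    if verify_ip "$d" "$c" 192.0.2.10; then echo "$c by IP: ok"; else echo "$c by IP: mismatch"; fi
  done
  rm -rf "$d"
}
demo
```

Both certificates chain to the same CA and pass the name check; only the one carrying the IP SAN passes when the client identifies the peer by address.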