Am 30.06.23 um 18:23 schrieb Stefan G. Weichinger:
So it's very likely that adding that IP SAN to the cert fixes things.
Replaced the CA and the certs/keys in kea-dhcp4.conf and
kea-ctrl-agent.conf.
That changes things, but doesn't fully fix my issues.
Should the cert in kea-ctrl-agent.conf be another one or the same one?
Sorry for my confusion.
If I turn on
"cert-required" in the ctrl-agent and
STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=false for the stork-agent things
fail.
No more problems with a missing IP SAN, but still verification errors.
The ca.crt in /etc/kea is the same on both machines.
And I added that ca.crt to the system's key storage
("update-ca-certificates").
I *think* communication between stork and kea is encrypted now, just not
fully verified.
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
