Thanks for the reply Rick. In this deployment I have specified in the control agent conf: "cert-required": true, "trust-anchor": "Certificate_Autority.pem", "cert-file": "ca1_cert.pem", "key-file": "ca1_key.pem",
all pointing to self signed certs created with the help of (basically) the script I worked on in the reddit link. Stripping the certs away certainly allows the kea-shell commands to work, however this isn't the goal. I don't understand the second part of your reply. >or is set to true and you did not provide one in the sample command line. Don't I show what you are suggesting I might not have done? "--ca Certificate_Autority.pem" CS, cs.temp.m...@gmail.com On Thu, 14 Mar 2024 at 11:22, Rick Frey <grib...@gmail.com> wrote: > I believe that error indicates your Kea server requires a client > certificate. Per Kea documentation, the config parameter "cert-required” > default is true. Would indicate your server config didn’t set or is set to > true and you did not provide one in the sample command line. If you don’t > require client cert for authentication, you can set to false in > kea-ctl-agent.conf. > > On Mar 13, 2024, at 16:11, CS <cs.temp.m...@gmail.com> wrote: > > Hey guys, > > What does this mean? > Failed to run: [SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert > certificate required (_ssl.c:2578) > > I'm back again after getting pulled off onto other projects, I am working > on getting my small kea cluster running with Micetro. > > Micetro refuses to add the servers and while I'd thought I had solved all > my problems with ya'll before (kea daemons appear to be running error free) > on re-approaching the problem I have notice I have not been able to get > kea-shell to run against either localhost or the other server. > > My knowledge of creating and using SSL is very poor. For this project > alone I worked with the folks on reddit to develop a script for creating > the self signed certs. > https://www.reddit.com/r/openssl/comments/170r9ko/creating_self_signed_cert_for_kea_encryption/?utm_source=share&utm_medium=web2x&context=3 > so I assume the error is somewhere there. But I don't understand the reply > when I run kea-shell. > > kea-shell --host 10.111.45.45 --port 8000 --auth-user "bad username" > --auth-password "bad password" --ca certs/Certificate_Autority.pem > list-commands > Failed to run: [SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert > certificate required (_ssl.c:2578) > > Do you all know what I've done wrong or what I need to do to make the cert > right? > > CS, cs.temp.m...@gmail.com > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users > > > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users >
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
