I appreciate the suggestion. It might be worth noting that documentation
should include -u for authentication headers IMO, not that I'm an expert.

curl (and telnet) to the server's DNS address has the connection refused
(to http and https to FQDN or localhost) but by IP address almost works:
"Empty reply from server" tho telnet works.

curl --insecure -u bad_user:bad_password -X POST \
    -H "Content-Type: application/json" \
    -d '{ "command": "config-get", "service": [ "dhcp4" ] }' \
    xxx.xxx.xxx.xxx:8000

CS, cs.temp.m...@gmail.com


On Thu, 14 Mar 2024 at 12:06, Darren Ankney <darren.ank...@gmail.com> wrote:

> Hi,
>
> You might try using "curl" as shown here:
>
>
> https://kea.readthedocs.io/en/kea-2.4.1/arm/ctrl-channel.html#using-the-control-channel
>
> I know very little about SSL, but `--insecure` added to the curl
> command line will cause it to not check validity of certificates.  You
> can also specify cert files on the command line. This should let you
> test your certificate setup more easily I'd think.
>
> Thank you,
> Darren Ankney
>
> On Thu, Mar 14, 2024 at 2:40 PM CS <cs.temp.m...@gmail.com> wrote:
> >
> > Thanks for the reply Rick. In this deployment I have specified in the
> > control agent conf:
> > "cert-required": true,
> > "trust-anchor": "Certificate_Autority.pem",
> > "cert-file": "ca1_cert.pem",
> > "key-file": "ca1_key.pem",
> >
> > all pointing to self-signed certs created with the help of (basically)
> > the script I worked on in the Reddit link. Stripping the certs away
> > certainly allows the kea-shell commands to work, however this isn't the
> > goal.
> >
> > I don't understand the second part of your reply.
> > >or is set to true and you did not provide one in the sample command
> > >line.
> >
> > Don't I show what you are suggesting I might not have done? "--ca
> > Certificate_Autority.pem"
> >
> > CS, cs.temp.m...@gmail.com
> >
> >
> > On Thu, 14 Mar 2024 at 11:22, Rick Frey <grib...@gmail.com> wrote:
> >>
> >> I believe that error indicates your Kea server requires a client
> >> certificate.  Per Kea documentation, the config parameter "cert-required"
> >> default is true.  Would indicate your server config didn’t set or is set to
> >> true and you did not provide one in the sample command line.  If you don’t
> >> require client cert for authentication, you can set to false in
> >> kea-ctl-agent.conf.
> >>
> >> On Mar 13, 2024, at 16:11, CS <cs.temp.m...@gmail.com> wrote:
> >>
> >> Hey guys,
> >>
> >> What does this mean?
> >> Failed to run: [SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required (_ssl.c:2578)
> >>
> >> I'm back again after getting pulled off onto other projects, I am
> >> working on getting my small kea cluster running with Micetro.
> >>
> >> Micetro refuses to add the servers and while I'd thought I had solved
> >> all my problems with y'all before (kea daemons appear to be running error
> >> free) on re-approaching the problem I have noticed I have not been able to
> >> get kea-shell to run against either localhost or the other server.
> >>
> >> My knowledge of creating and using SSL is very poor. For this project
> >> alone I worked with the folks on Reddit to develop a script for creating
> >> the self-signed certs.
> >> https://www.reddit.com/r/openssl/comments/170r9ko/creating_self_signed_cert_for_kea_encryption/?utm_source=share&utm_medium=web2x&context=3
> >> so I assume the error is somewhere there. But I don't understand the reply
> >> when I run kea-shell.
> >>
> >> kea-shell --host 10.111.45.45 --port 8000 --auth-user "bad username" --auth-password "bad password" --ca certs/Certificate_Autority.pem list-commands
> >> Failed to run: [SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required (_ssl.c:2578)
> >>
> >> Do you all know what I've done wrong or what I need to do to make the
> >> cert right?
> >>
> >> CS, cs.temp.m...@gmail.com
> >> --
> >> ISC funds the development of this software with paid support
> >> subscriptions. Contact us at https://www.isc.org/contact/ for more
> >> information.
> >>
> >> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >>
> >> Kea-users mailing list
> >> Kea-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/kea-users
> >>
> >>
> >
>
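
Added example, not part of the original thread or of Kea's own tooling: with "cert-required": true the control agent only accepts a client that presents a certificate chaining to its trust-anchor, so these shell functions issue a client certificate from a CA and pre-check the files that would be passed as --ca, --cert and --key. The CA, subject names, file names and HOST are constructed placeholders, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: all file names and subject names below are constructed.

# Create a throwaway CA in directory $1 (stand-in for the agent's trust-anchor).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Kea CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca_cert.pem" 2>/dev/null
}

# Issue a client certificate signed by the CA in directory $1.
# $2 is the output prefix: writes ${2}_key.pem and ${2}_cert.pem.
issue_client_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=kea-shell-client" \
        -keyout "${2}_key.pem" -out "${2}.csr" 2>/dev/null &&
    openssl x509 -req -in "${2}.csr" -days 30 \
        -CA "$1/ca_cert.pem" -CAkey "$1/ca_key.pem" -CAcreateserial \
        -out "${2}_cert.pem" 2>/dev/null
}

# Pre-flight check before contacting the agent:
#   $1 = trust anchor (CA cert), $2 = client cert, $3 = client private key.
# Succeeds only if the cert chains to the CA and the key belongs to the cert.
check_client_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Once the check passes, the same three files are what the client supplies
# (HOST is a placeholder):
#   kea-shell --host HOST --port 8000 --ca ca_cert.pem \
#       --cert client_cert.pem --key client_key.pem list-commands
#   curl --cacert ca_cert.pem --cert client_cert.pem --key client_key.pem \
#       -X POST -H "Content-Type: application/json" \
#       -d '{ "command": "list-commands" }' https://HOST:8000/
```

A certificate that fails check_client_cert against the file named in the agent's "trust-anchor" will be rejected during the handshake regardless of the -u / --auth-user credentials.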