Hi all,
I'm trying to turn up a new Kea cluster in hot standby mode (with Stork) and everything is working as expected EXCEPT TLS support. I can't get TLS working to Stork and I can't get TLS working between HA nodes. Log output doesn't give me much.

I was attempting to use a pre-existing certificate, but it doesn't appear to be working. It's a wildcard and I was attempting to use it for both primary and standby servers.

I assume the URI in the config (for the control agent or the Kea HA config) should read "https" instead of "http" -- and would be port 443 instead of 8000 or 8080, correct? Or is forcing TLS over 8000 or 8080 the better way to go?

I've also tried using a reverse proxy through Apache (again, using the wildcard certificates) and couldn't get it to work. Throughout the entire exercise, Stork would show HA status as "unavailable" (primary) or "failed" (secondary). I've also played with disabling client certificate verification/validation.

I've not yet tried setting up a custom CA with custom certificates for each server. I'd like to verify I'm not missing any fundamentals before I attempt this, but not wholly against trying. I've read through as many docs as I could find, but it appears I'm missing something. Are there some practical recommendations or best practice guides for TLS setup outside the Kea ARM?

Best,
Jason