Certificate configuration ( snmpd.conf )

[Vincent Gilson via Net-snmp-coders]

Hi,
I'm struggle with agent to be configured for DTLS, so could you confirm my 
snmpd.conf file is OK ? :

Here it is -->

createUser vincent MD5 "myPassPhrase" DES "myPrivPhrase"

agentAddress dtlsudp:10161

dtls enable
dtls serverCert /usr/local/etc/snmp/certs/server.pem
dtls privateKey /usr/local/etc/snmp/certs/server_key.pem
[snmp] x509CRLFile /var/mydev/cacrl.pem
[snmp] serverCert A4:D9:BB:CD:38:79:17:1A:74:A2:19:4D:B1:4E:2A:D4:EE:0D:DC:C7

view viewallmibs included .1
access grptbox "" any priv exact viewallmibs viewallmibs none
access grptbox_unsec "" any auth exact viewallmibs none none

group grptbox tsm vincent
rwuser -s tsm vincent priv -V viewallmibs
certSecName 10 F5:DC:34:45:30:41:A6:39:33:74:EF:8E:23:E8:4C:F2:96:D7:DB:13 --sn 
vincent

-->
More specific questions ;
- Do I have to use "trustCert" ?
- Man does not specify "[snmp] serverCert", or dtls , or dtls serverCert or 
dtls privateKey ... So I'm not sure. Could you confirm I can and this is 
correct ? And if not, how could I specify the server certificate location ?
- I don't have to give to the agent the clients certificates, because I provide 
the fingerprints : am I correct ?

Thanks a lot !


_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders