I followed the step by step directions from
http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS
and got:
$ snmpget -T our_identity=tutorial-joecool \
> -T their_identity=tutorial-agent \
> -t 10 tls:test.net-snmp.org sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162098689) 134 days,
12:03:06.89
$ snmpget -T our_identity=tutorial-joecool \
> -T trust_cert=tutorial-CA \
> -t 10 tls:test.net-snmp.org sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162099339) 134 days,
12:03:13.39
$ snmpget -T
our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 \
> -T
their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B \
> tls:test.net-snmp.org sysContact.0
SNMPv2-MIB::sysContact.0 = STRING: Net-SNMP Coders <
net-snmp-cod...@lists.sourceforge.net>
While you say you have the private key, you have the private key for
joecool, not for agent. You have to generate a key for your own local
agent, and that is the identity you'll need to use in the their_identity
argument.
You use the net-snmp-cert command to manage/generate certs.
Bill
On Fri, Jul 25, 2014 at 7:32 AM, sandhya reddy <sr8...@gmail.com> wrote:
> Hi Bill,
>
> Glad to see your response.
> I have retrieved the entire certificate tar-ball
> http://www.net-snmp.org/tutorial/tutorial-5/certificates/tutorial-.snmp.tar.gz
> and uncompressed it.
> Initially, i tried to send the snmpget request to test.net-snmp.org using
> the certificates from the tutorial but it also failed giving error "Error
> finding client keys. Unable to create SSL context. Unknown host". Tutorial
> also gives the private keys. I have checked this in private folder of snmp
> If i try to send to the one in the tutirial test.net-snmp.org it should
> work right ?
>
> This is why i switched to the next setup.
> In this, i tried to setup Net-SNMP on two PCs using the same certs and
> keys in tutorial.
> When u pointed out regarding certs i realized that i'm doing it wrong. i
> should create the cert in both Manager and Agent and use these two when
> sending out snmpget request from Manger right?
>
> How do you create the certificates. Is there any link that follow steps to
> create certificates for Net-SNMP?
>
> Once again i thank you for giving response. I've been waiting for some
> response.
>
> Thanks,
> sandhya
>
>
>
>
> On Thu, Jul 24, 2014 at 5:44 PM, Bill Fenner <fen...@gmail.com> wrote:
>
>> Did you configure the certificates properly? In particular, did you
>> configure the server with the private key? Since you're using the
>> fingerprints from the tutorial, but using your local server instead of
>> test.net-snmp.org, where did you get the private key? It's not part of
>> the published set of keys.
>>
>> Bill
>>
>>
>> On Wed, Jul 23, 2014 at 7:08 AM, sandhya reddy <sr8...@gmail.com> wrote:
>>
>>>
>>>
>>> Hi Coders and Users,
>>>
>>> I've setup NET-SNMP 5.6.2.1 and configured tsm model.
>>> I've done this setup on two Ubuntu 14.04 PCs
>>> I'm trying to send out snmpget request over tlstcp:10161 The folowing
>>> are the steps i follow
>>> 1) Start snmpd using the command : snmpd tlstcp:10161
>>> 2) snmpget -T
>>> our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 -T
>>> their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B
>>> tlstcp:<IPAddress>:10161
>>> sysContact.0
>>> I get an error "Failed to create SSL context".
>>> I'm debugging using wireshark sniffs and observe the following:
>>> In the process of sending out snmpget request, TCP connection is getting
>>> established (i see SYN, SYN/ACK and ACK)and i see PUSH data to the
>>> agent(which might be Client hello the next step from SNMP manager) for
>>> which agent is trying to tear down the TCP connection with FIN/ACK
>>>
>>> Please give me some inputs as to what is wrong that is'm doing.
>>> Please help me to get snmpget request working
>>>
>>>
>>> Thanks,
>>> Sandhya
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Want fast and easy access to all the code in your enterprise? Index and
>>> search up to 200,000 lines of code with a free copy of Black Duck
>>> Code Sight - the same software that powers the world's largest code
>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>> http://p.sf.net/sfu/bds
>>> _______________________________________________
>>> Net-snmp-coders mailing list
>>> net-snmp-cod...@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
