SNMP using TLS

Dharm S Thu, 06 Nov 2014 05:59:39 -0800

Hi All,

I am using net-snmp 5.7.3.pre5


I have the following certificates generated:

net-snmp-cert showcerts --fingerprint --subject/usr/local/etc/snmp/tls:

certs/manager.crt:
subject=
/C=US/ST=CA/L=Davis/O=Net-SNMP/OU=Development/CN=final/emailAddress=
ad...@net-snmp.org
SHA1 Fingerprint=89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6


certs/snmpd.crt:
subject= /C=US/ST=CA/L=Davis/O=Net-SNMP/OU=Development/CN=
final.example.com/emailAddress=ad...@net-snmp.org
SHA1 Fingerprint=09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0

In snmp.conf, I have added the following for default configuration:

defVersion 3
defSecurityModel tsm
defCommunity public
defsecurityname  "final"
defsecuritylevel  authPriv

localCert 09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
peerCert 89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6

In snmpd.conf I have added,

rwuser -s tsm "final"

[snmp] localCert 09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0

certSecName 10 89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6
--cn

When i try the following command by giving the keys in command line, I am
able to get the output.

snmpget -T
our_identity=89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6 -T
their_identity=09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
dtlsudp:localhost:10161 sipCommonCfgServiceStartTime.1

whereas, when i run the following, it is not able to retrieve the
certificate values properly:

snmpwalk dtlsudp:localhost:10161 sipCommonMIB
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
failed rfc5343 contextEngineID probing
snmpwalk: Timeout (Success)

I have tried many variations and even went through the mailing lists. But I
am not able to understand the reason behind the error or to solve it. Is
there anything wrong in the configuration? I have followed the tutorial of
dtls and also replaced the defX509ClientPub and defX509ServerPub tokens
since they are deprecated.

------------------------------------------------------------------------------

_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

SNMP using TLS

Reply via email to