Hi Kevin, Thanks for the response. 'not specified' means 'not specified'; it doesn't mean 'specified but the file is empty' -->I didn't emptied the file, as i said I emptied the field values not the file content like "trust-anchor": "", "cert-file": "", "key-file": "",
The three parameters must be either all not specified (HTTPS disabled) or all specified (HTTPS enabled). Specification of the empty string is considered not specified; this can be used, for instance, to disable HTTPS for a particular peer when it is enabled at the global level. --> This above line from the kea admin link says the specifying empty string will disable the HTTPS so I thought of testing such case with giving empty strings for the fields Thanks Kraishak On Mon, Apr 3, 2023 at 3:33 PM Kevin P. Fleming < lists.kea-us...@kevin.km6g.us> wrote: > On Mon, Apr 3, 2023, at 03:12, Kraishak Mahtha wrote: > > Hi, > > While I am checking for the failover section in the kea guide under the > section > > > https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=trust-anchor#https-support > it says > > The three parameters must be either all not specified (HTTPS disabled) or > all specified (HTTPS enabled) > --> I tried the case with empty files > Tried empty values for the fields trust-anchor,cert-file,key-file in > kea-dhcpd.conf in both primary and secondary but It didn't work then later > I made empty the fields also in kea-ctrl-agent.conf but still didn't work, > tried setting the param value require-client-certs and cert-required to > false but still didn't work > Again When I replaced it with a certificate file it worked, so I doubt if > the certificates are mandatory for kea-HA(2.2.0) in the latest version. > > > 'not specified' means 'not specified'; it doesn't mean 'specified but the > file is empty'. That isn't a valid configuration. Certificates are > mandatory for TLS support, and are not used at all if TLS support is not > enabled. > > > And also do we need to run the kea-control agent on both the primary and > failover servers? > > > If the control agent is being used for HA support, it has to be running on > every server in the HA group (primary, secondary, and backup). > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users >
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users