Update, "error finding server identity keys" is happening when
tlstcp:localhost:10161 is provided in snmpd command-line. "snmpd
dtlsudp:localhost:10161" runs fine. So this may have something to do with
"tlstcp".


On Tue, Oct 1, 2013 at 5:32 PM, M. A. Arefin <arefin....@gmail.com> wrote:

> Hello dear Net-SNMP'ers,
>
> I can configure snmpd to send traps using trapsess directives and
> snmptrapd to receive those traps over udp using USM. I need to do the same
> thing over (D)TLS using TSM.
>
> I am trying to follow the instructions in
> http://www.net-snmp.org/wiki/index.php/Using_DTLS.
>
> When I run snmpd, I get "error finding server identity keys".
>
> My snmpd.conf has the following line -
> #-------------------------------------------------------------------
> [snmp] localCert
> FD:A9:75:D9:53:C1:F4:D9:8E:77:95:AA:6C:E0:35:F0:3A:34:05:4B
> #-------------------------------------------------------------------
>
> Above Fingerprint relates to ~/.snmp/tls/certs/snmpd.crt as given by
> "net-snmp-cert showcerts --fingerprint --subject" command. I have generated
> snmpd.crt and snmpd.key using net-snmp-cert tool. Looks like snmpd is NOT
> finding the server certificate.
>
> Any idea? Appreciate any hint.
>
> Could someone provide working examples of snmpd.conf and snmptrapd.conf
> for (D)TLS connections?
>
>
> - Arefin
>
>


-- 
M. A. Arefin

240.401.7074 (cell)
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to