Okay, I found it! It was a wrong permission level on the certificates; they
cannot be world read/write-able (e.g. 755). Changing their permission to
750 (or below) fixed the problem.
As a side-note, I needed to install the certificates in a custom location
(other than the default ones). Setting/exporting SNMPCONFPATH environment
variable to the custom path/location allows Net-SNMP to look for
certificates in any custom location!
On Tue, Oct 1, 2013 at 6:05 PM, M. A. Arefin <arefin....@gmail.com> wrote:
> Update, "error finding server identity keys" is happening when
> tlstcp:localhost:10161 is provided in snmpd command-line. "snmpd
> dtlsudp:localhost:10161" runs fine. So this may have something to do with
> "tlstcp".
>
>
> On Tue, Oct 1, 2013 at 5:32 PM, M. A. Arefin <arefin....@gmail.com> wrote:
>
>> Hello dear Net-SNMP'ers,
>>
>> I can configure snmpd to send traps using trapsess directives and
>> snmptrapd to receive those traps over udp using USM. I need to do the same
>> thing over (D)TLS using TSM.
>>
>> I am trying to follow the instructions in
>> http://www.net-snmp.org/wiki/index.php/Using_DTLS.
>>
>> When I run snmpd, I get "error finding server identity keys".
>>
>> My snmpd.conf has the following line -
>> #-------------------------------------------------------------------
>> [snmp] localCert
>> FD:A9:75:D9:53:C1:F4:D9:8E:77:95:AA:6C:E0:35:F0:3A:34:05:4B
>> #-------------------------------------------------------------------
>>
>> Above Fingerprint relates to ~/.snmp/tls/certs/snmpd.crt as given by
>> "net-snmp-cert showcerts --fingerprint --subject" command. I have generated
>> snmpd.crt and snmpd.key using net-snmp-cert tool. Looks like snmpd is NOT
>> finding the server certificate.
>>
>> Any idea? Appreciate any hint.
>>
>> Could someone provide working examples of snmpd.conf and snmptrapd.conf
>> for (D)TLS connections?
>>
>>
>> - Arefin
>>
>>
>
>
> --
> M. A. Arefin
>
> 240.401.7074 (cell)
>
--
M. A. Arefin
240.401.7074 (cell)
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users