Hi Frank,

Thanks for your reply. I did use “System.setProperty("javax.net.debug", 
"all");” to view the handshaking traffic between the device and the client. I 
found out that I need to add the following lines to get it working with Java 
1.8 since it supports TLSv1.2 by default

            String[] tlsProtocols = new String[]{"TLSv1.2"};
            ((TLSTM) transport).setTlsProtocols(tlsProtocols);

I am currently stuck at the *** ServerHello, TLSv1.2 step; the error is
“sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target”

I think that it might have something to do with an incorrect setup of the 
keystore and truststore that I have, but I have not been able to figure out 
how exactly I should construct them to get past this error.

Here are certificates and keys that I have, 
• CACert
• DeviceCert: whose alias is “device”
• ClientCert: whose alias is “client”
• DeviceKey: private key of device
• ClientKey : private key of client
with which I could connect to the device by using this command:

            openssl s_client -connect <Device’s IPv6 Addr>:<port no> -tls1_2 -cert ClientCert -CAfile CACert -key ClientKey

The keystore is created by adding ClientCert, CACert and ClientKey together.

Then I imported the CACert and DeviceCert into Java’s default truststore in 
JAVA_HOME/lib/security/cacerts

And in the client code, I have

CertifiedTarget ct = new CertifiedTarget(new OctetString("device"));

and

securityCallback.addLocalCertMapping(ct.getAddress(), "client");

Any pointer on what keystore and truststore should be and the correct way to 
construct CertifiedTarget and use securityCallback.addLocalCertMapping() is 
greatly appreciated.

Thanks very much,

Nick

On 11/13/17, 6:34 PM, "Frank Fock" <f...@agentpp.com> wrote:

    Hi Nick,
    
    Have you enabled debug logging? This should give more detailed
    information about the TLS handshake.
    
    Best regards,
    Frank
    
    
    > On 11. Nov 2017, at 17:14, Nick Chang <nick.ch...@serimaconsulting.com> wrote:
    > 
    > Hi Frank,
    > 
    > I am using snmp4j to build a client with functionality similar to that of
    > net-snmp’s snmpget. The device is using IPv6 and configured with TLS.
    > I followed the instruction carefully given on this page,
    > https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144, but the
    > response always comes back with null from the device.
    > Do you have any suggestion how I should troubleshoot this further. I am using
    > JDK 1.8 and snmp4j v2.5.6
    > 
    > Thanks,
    > 
    > Nick
    > 
    > 
    > _______________________________________________
    > SNMP4J mailing list
    > SNMP4J@agentpp.org
    > https://oosnmp.net/mailman/listinfo/snmp4j
    
    

_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
https://oosnmp.net/mailman/listinfo/snmp4j
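
Added example, not part of the thread and not SNMP4J's own code: "unable to find valid certification path to requested target" is what Java's PKIX validator reports when it cannot build a chain from the peer's certificate to an anchor in the truststore it actually loaded. The script reproduces both outcomes with openssl on a constructed throwaway PKI and then builds a client keystore and a CA-only truststore; the names ca, otherca, device and client, the password changeit and the output file names are assumptions.

```shell
#!/bin/sh
# Added example. Every key and certificate here is a constructed throwaway, not the poster's.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# make_ca <name>: self-signed CA in $WORK/<name>.key and $WORK/<name>.crt
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_leaf <name> <ca>: key and certificate for <name>, issued by <ca>
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# chain_ok <anchor> <cert>: succeeds only if <cert> chains to the trust anchor <anchor>
chain_ok() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# make_keystore <leaf> <ca> <pass>: PKCS#12 keystore holding the private key and
# certificate under alias <leaf>, plus the CA certificate as its chain
make_keystore() {
  openssl pkcs12 -export -name "$1" -inkey "$WORK/$1.key" -in "$WORK/$1.crt" \
    -certfile "$WORK/$2.crt" -passout "pass:$3" -out "$WORK/$1.p12"
}

# keystore_has_key <leaf> <pass>: succeeds if a private key can be read back
keystore_has_key() {
  openssl pkcs12 -in "$WORK/$1.p12" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# make_truststore <ca> <pass>: truststore holding only the CA certificate (JDK keytool)
make_truststore() {
  keytool -importcert -noprompt -alias "$1" -file "$WORK/$1.crt" \
    -keystore "$WORK/truststore.jks" -storepass "$2" >/dev/null 2>&1
}

make_ca ca; make_ca otherca        # otherca models a truststore that lacks the issuer
make_leaf device ca; make_leaf client ca
chain_ok ca device      && echo "anchor = ca:      device chain builds"
chain_ok otherca device || echo "anchor = otherca: no path to a trust anchor"
make_keystore client ca changeit && keystore_has_key client changeit &&
  echo "client.p12: key entry under alias 'client'"
if command -v keytool >/dev/null 2>&1; then make_truststore ca changeit; fi
```

A JVM can be pointed at files like these with the standard JSSE system properties javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword.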