Stefan, I think so, but I'm not sure if it's best practice to share that certificate with Kea since you'd need to open up permissions a little and allow Kea to read the private key. If you have no qualms with that note, then it's probably worth an attempt, at least. Since Kea shouldn't be running as root, you may need to change group ownership of the certs or use fACLs.

Eric Graham
DevOps Specialist
Direct: 605.990.1859
[email protected]

________________________________
From: Kea-users <[email protected]> on behalf of Stefan G. Weichinger <[email protected]>
Sent: Thursday, June 29, 2023 3:02 AM
To: [email protected] <[email protected]>
Subject: Re: [Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost

On 28.06.23 at 09:28, Stefan G. Weichinger wrote:
> On 27.06.23 at 17:17, Eric Graham wrote:
>> Stefan,
>>
>> Make sure that when you change the password, you also change it in
>> Stork and in the HA hook config on each daemon of each server.
>>
>> I am not aware of documentation from ISC for generating certificates,
>
> this:
>
> https://github.com/isc-projects/kea/blob/master/src/lib/asiolink/testutils/ca/doc.txt
>
> ?

The two Kea-Servers are also samba-AD-DCs: so they have their own AD-related TLS-certs here:

# ls -l /var/lib/samba/private/tls
insgesamt 12
-rw-r--r-- 1 root root 2074 30. Nov 2022 ca.pem
-rw-r--r-- 1 root root 2078 30. Nov 2022 cert.pem
-rw------- 1 root root 3243 30. Nov 2022 key.pem

May I "simply" use these for kea as well?

I assume so ...

--
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/kea-users
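
One way to apply and then verify the group-ownership approach Eric describes, as an added example that is not part of the thread. The function names are hypothetical, the group is whichever group the Kea daemon runs under on the local system (an assumption), and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical; GROUP is
# the group the Kea daemon runs under on your system (assumption).
# Usage after sourcing:  grant_group_read KEYFILE GROUP && audit_key KEYFILE GROUP
# ACL alternative to chgrp: setfacl -m u:USER:r KEYFILE (inspect with getfacl).

# Print the octal permission bits of FILE, e.g. 600.
key_mode() { stat -c '%a' "$1"; }

# Owner read/write, group read-only, no access for others.
grant_group_read() {
    chgrp "$2" "$1" && chmod 0640 "$1"
}

# Print "ok" and return 0 only if FILE belongs to GROUP (name or numeric
# GID), the group cannot write or execute, and others have no access.
audit_key() {
    mode=$(key_mode "$1") || { echo "cannot stat $1"; return 2; }
    rest=${mode%?}                    # mode without the "others" digit
    group_digit=${rest#"${rest%?}"}   # last digit of what remains
    case "$mode" in
        *[!0]) echo "others have access (mode $mode)"; return 1 ;;
    esac
    case "$group_digit" in
        0|4|"") ;;
        *) echo "group has more than read (mode $mode)"; return 1 ;;
    esac
    if [ "$(stat -c '%G' "$1")" != "$2" ] && [ "$(stat -c '%g' "$1")" != "$2" ]; then
        echo "group is not $2"; return 1
    fi
    echo "ok"
}
```

On the Samba AD DCs in this thread, note that Samba expects its own TLS key file to stay at mode 0600, so apply this to a copy of the key made for Kea rather than to the file under /var/lib/samba/private/tls.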
