Am 29.06.23 um 15:34 schrieb Eric Graham:
Stefan,
I think so, but I'm not sure if it's best practice to share that
certificate with Kea since you'd need to open up permissions a little
and allow Kea to read the private key. If you have no qualms with that
note, then it's probably worth an attempt, at least. Since Kea shouldn't
be running as root, you may need to change group ownership of the certs
or use fACLs.
I could copy them over to /var/lib/kea and adjust things.
Prepared that already
As far as I understand the CAs have to be placed "cross-wise":
server1 has to use ca_server2.pem as trust-anchor
server2 has to use ca_server1.pem as trust-anchor
Right?
I haven't started editing things yet, can't risk downtime while people
are working there.
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/kea-users
