[Kea-users] Kea 3 HA with TLS - private keys
Peter Davies
peterd at isc.org
Thu Apr 30 08:14:39 UTC 2026
Hi Frederick,
When acting as a server, Kea Server 1 presents the server1 certificate to the client (Kea Server 2), who then uses the trust_anchor to verify it.
Kea Server 1 uses the server1 private key to sign data during the handshake and to prove it owns that certificate.
You have "require-client-certs": true, defined - so when acting as a client, Kea Server 1 will present the server1 certificate to the server (Kea Server 2), who then uses the trust_anchor to verify it.
Therefore /usr/lib/kea/server1_cert.pem and /usr/lib/kea/server1_key.pem need only exist on Kea Server 1.
The same for Kea Server 2's certificate and key files.
There should be no problem with having all the files on both servers.
/Peter
On 29/04/2026 10.35, Frederick Bloggingtons wrote:
> require-client-certs": true,
--
Peter Davies
Support Engineer
Internet Systems Corporation
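
The two properties the message above relies on (a server's certificate verifies against the trust anchor, and its private key belongs to that certificate) can be checked with openssl before Kea is started. This is an added example, not part of the original post or of Kea; the function names check_kea_tls and make_demo_pki and the throwaway demo CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of one Kea HA peer's TLS files.
# Usage: check_kea_tls TRUST_ANCHOR CERT KEY
# Returns 0 = ok
#         1 = certificate does not chain to the trust anchor
#         2 = private key does not belong to the certificate
check_kea_tls() {
    ca=$1 cert=$2 key=$3
    # The peer validates our certificate against the trust anchor,
    # so it has to verify against the same file here.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # The handshake signature only proves ownership if the key's public
    # half is the public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# Constructed sample input: a throwaway CA plus server1/server2
# certificate and key pairs, written into the directory given as $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca_key.pem" -out "$d/ca_cert.pem" 2>/dev/null || return 1
    for s in server1 server2; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$s" \
            -keyout "$d/${s}_key.pem" -out "$d/$s.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$s.csr" -days 1 -CA "$d/ca_cert.pem" \
            -CAkey "$d/ca_key.pem" -CAcreateserial \
            -out "$d/${s}_cert.pem" 2>/dev/null || return 1
    done
}

# With three arguments the script checks real files, e.g. on Kea Server 1:
#   sh check.sh <trust-anchor> /usr/lib/kea/server1_cert.pem \
#       /usr/lib/kea/server1_key.pem
if [ "$#" -eq 3 ]; then
    check_kea_tls "$@"
fi
```

A return code of 2 on one server usually means the key file of the other peer was copied into place of its own.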