<div dir="ltr">Hi Kevin,<div><br></div><div>Thanks for the response.</div><div>'not specified' means 'not specified'; it doesn't mean 'specified but the file is empty'<br></div><div>-->I didn't emptied the file, as i said I emptied the field values not the file content like </div><div> "trust-anchor": "",<br> "cert-file": "",<br> "key-file": "",<br></div><div><br></div><div><span style="color:rgb(64,64,64);font-size:16px;background-color:rgb(252,252,252)"><font face="tahoma, sans-serif">The three parameters must be either all not specified (HTTPS disabled) or all specified (HTTPS enabled). Specification of the empty string is considered not specified; this can be used, for instance, to disable HTTPS for a particular peer when it is enabled at the global level.</font></span><br></div><div><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;background-color:rgb(252,252,252)">--> This above line from the kea admin link says the specifying empty string will disable the HTTPS so I thought of testing such case with giving empty strings for the fields </span></div><div><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"><br></span></div><div><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)">Thanks </span></div><div><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)">Kraishak </span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 3, 2023 at 3:33 PM Kevin P. Fleming <<a href="mailto:lists.kea-users@kevin.km6g.us">lists.kea-users@kevin.km6g.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg9055167433988026415"><u></u><div><div>On Mon, Apr 3, 2023, at 03:12, Kraishak Mahtha wrote:<br></div><blockquote type="cite" id="m_9055167433988026415qt"><div dir="ltr"><div>Hi,<br></div><div><br></div><div>While I am checking for the failover section in the kea guide under the section<br></div><div><br></div><div><a href="https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=trust-anchor#https-support" target="_blank">https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=trust-anchor#https-support</a> it says<br></div><div><br></div><div>The three parameters must be either all not specified (HTTPS disabled) or all specified (HTTPS enabled)<br></div><div>--> I tried the case with empty files<br></div><div>Tried empty values for the fields trust-anchor,cert-file,key-file in kea-dhcpd.conf in both primary and secondary but It didn't work then later I made empty the fields also in kea-ctrl-agent.conf but still didn't work, tried setting the param value require-client-certs and cert-required to false but still didn't work<br></div><div>Again When I replaced it with a certificate file it worked, so I doubt if the certificates are mandatory for kea-HA(2.2.0) in the latest version.<br></div></div></blockquote><div><br></div><div>'not specified' means 'not specified'; it doesn't mean 'specified but the file is empty'. That isn't a valid configuration. Certificates are mandatory for TLS support, and are not used at all if TLS support is not enabled.<br></div><div><br></div><blockquote type="cite" id="m_9055167433988026415qt"><div dir="ltr"><div><br></div><div>And also do we need to run the kea-control agent on both the primary and failover servers?<br></div></div></blockquote><div><br></div><div>If the control agent is being used for HA support, it has to be running on every server in the HA group (primary, secondary, and backup).<br></div></div>-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</div></blockquote></div>