<div dir="ltr">Hi Darren, <div>Thank you for the suggestion. I forget to mention, I am using the kea 2.2.0 version the last stable one (Yes as its the latest version compared to 2.17 ) we don't need kea-control agents and I am using HA+MT I don't have dependency on kea-control agent on any of the peer-servers<div><br></div><div>I have one more doubt about the certificate type to be used. In the kea 2.2.0 document, The document says "<span style="background-color:rgb(252,252,252);color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px">Objects in files must be in the PEM format</span>" under section <b>23.1.2 TLS/HTTPS Configuration.</b></div></div><div>And also I checked the examples config in reference documents, and most of them show with .pem files for all three attributes</div><div> "trust-anchor": /usr/lib/kea/CA.pem, <br>"cert-file": /usr/lib/kea/server1_cert.pem, <br>"key-file": /usr/lib/kea/server1_key.pem<br><br>1)So my doubt is do all three certificates should be in .pem format?</div><div><br>Asking this because while I am reading about the certificate content, at one of the places it says "The sample set of the certificates are available at src/lib/asiolink/testutils/ca kea source folder and when I see there I don't see .pem files <br>I just want to test with that sample certificates to rule out whether the issue is either with the environment setup or with my certificates.</div><div><br></div><div>Thanks </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 28, 2023 at 2:10 AM Darren Ankney <<a href="mailto:darren.ankney@gmail.com">darren.ankney@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Kraishak,<br>
<br>
In the latest 2.3.8 ARM, the full quote is:<br>
<br>
"Before Kea 2.1.7 using HTTPS in the HA setup required use of the<br>
Control Agent on all peers."<br>
<br>
followed by:<br>
<br>
"Since Kea 2.1.7 the HTTPS server side is supported:"<br>
<br>
see <a href="https://kea.readthedocs.io/en/kea-2.3.8/arm/hooks.html#https-support" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/kea-2.3.8/arm/hooks.html#https-support</a><br>
for full details.<br>
<br>
On Tue, Jun 27, 2023 at 12:26 PM Kraishak Mahtha <<a href="mailto:kraishak.edu@gmail.com" target="_blank">kraishak.edu@gmail.com</a>> wrote:<br>
><br>
> Hi, I am using the kea-failover peer with Muti threading enabled HA+MT so hence I am not using the control -agent and using it directly, and everything is working fine as expected.<br>
> Here now I am trying to use TLS with certificates configured but it does not seems to work as expected, When I was reading more on the certificates section I see a line saying "using HTTPS in the HA setup required use of the Control Agent on all peers", so just to rule out my issue with certificates, do we need to use/configure Control agent on all peer for TLS even after enabling multi-threading?<br>
><br>
> Thanks in Advance<br>
> Kraishak<br>
><br>
> --<br>
> ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
><br>
> To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
><br>
> Kea-users mailing list<br>
> <a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
> <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>