[stork-users] Stork Agent: Specify location and name for certificate

[Slawek Figiel]

Hello Mik!

Don't worry. It works as expected.

The log message mentions the certificate used to secure communication 
between Stork Server and Stork Agent and between Stork Agent and Kea 
Control Agent. It's generated by the server during the registration.  It 
means that initially, it doesn't exist. This certificate isn't used by 
the Stork Server to serve the external traffic.

Important notice. The generated certificate is self-signed. If you are 
unhappy with it or want to use your own certificates, you can use the 
Stork Tool to replace them. More info in docs 
(https://stork.readthedocs.io/en/latest/man/stork-tool.8.html#certificates-management).

The " --skip-tls-cert-verification " option applies only to 
communication between Stork Agent and Kea Control Agent. If it's set, 
Stork Agent doesn't validate the Kea-side certificate (Kea can use 
self-signed credentials).

Best regards
Slawek

On 01/08/2022 20:34, Mik J wrote:
> OS: Openbsd 7.1
>
> Hello everyone,
>
> When I start the stork agent I can see messages about the agent not 
> finding certificates
> # ./backend/cmd/stork-agent/stork-agent --listen-stork-only
> ERRO[2022-08-01 20:25:23]         caclient.go:113 open 
> /var/lib/stork-agent/certs/ca.pem: no such file or directory
>
> When I start it with the option --skip-tls-cert-verification I don't 
> see such message
> # ./backend/cmd/stork-agent/stork-agent --listen-stork-only 
> --skip-tls-cert-verification
>
> I don't store certificates in /var/lib/stork-agent/certs/ca.pem and in 
> the documentation for agent.env file they only talk about certificates 
> for REST API.
> How can I add a configuration to specify the location and the name of 
> ca.pem file ?
>
> Thank you
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/stork-users/attachments/20220802/6540382f/attachment.htm>