[stork-users] Stork Agent: Specify location and name for certificate
Slawek Figiel
slawek at isc.org
Tue Aug 2 10:07:52 UTC 2022
Hello Mik!

Don't worry. It works as expected.

The log message mentions the certificate used to secure communication
between Stork Server and Stork Agent and between Stork Agent and Kea
Control Agent. It's generated by the server during the registration. It
means that initially, it doesn't exist. This certificate isn't used by
the Stork Server to serve the external traffic.

Important notice: the generated certificate is self-signed. If you are
unhappy with it or want to use your own certificates, you can use the
Stork Tool to replace them. More info in the docs
(https://stork.readthedocs.io/en/latest/man/stork-tool.8.html#certificates-management).

The "--skip-tls-cert-verification" option applies only to
communication between Stork Agent and Kea Control Agent. If it's set,
Stork Agent doesn't validate the Kea-side certificate (Kea can use
self-signed credentials).

Best regards
Slawek

On 01/08/2022 20:34, Mik J wrote:
> OS: OpenBSD 7.1
>
> Hello everyone,
>
> When I start the stork agent I can see messages about the agent not
> finding certificates
> # ./backend/cmd/stork-agent/stork-agent --listen-stork-only
> ERRO[2022-08-01 20:25:23] caclient.go:113 open
> /var/lib/stork-agent/certs/ca.pem: no such file or directory
>
> When I start it with the option --skip-tls-cert-verification I don't
> see such a message
> # ./backend/cmd/stork-agent/stork-agent --listen-stork-only
> --skip-tls-cert-verification
>
> I don't store certificates in /var/lib/stork-agent/certs/ca.pem and in
> the documentation for agent.env file they only talk about certificates
> for REST API.
> How can I add a configuration to specify the location and the name of
> the ca.pem file?
>
> Thank you