
SNMP over TLS with a SHA1 certificate works fine in 5.7.3. I upgraded netsnmp to 5.7.3 for SHA256 support, but the snmpd daemon shows the error

"error finding server identity keys"

Command:

    snmpget -v 3 --defSecurityModel=tsm -u joecool -l authPriv -T our_identity=manager -T their_identity=snmpd tlstcp:192.168.1.125:10161 sysContact.0

The snmpget command throws the following error:

    tlstcp: failed to ssl_connect
    snmpget: Unknown host (tlstcp:192.168.1.125:10161)

The snmpd daemon throws the error:

    TLSTCP: Failed to create a SSL BIO

The configuration in snmpd.conf is shown below:

    master agentx
    agentXTimeout 100
    [snmp] localCert 0D:C1:CA:B7:2A:83:5E:43:42:1E:A1:0D:07:2C:97:2B:B5:75:20:2B
    rwcommunity public
    certSecName 10 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E --cn
    rwuser -s tsm "joecool"

Starting snmpd:

    snmpd -f -Lo -C -c /usr/share/snmp/snmpd.conf -Dtsm,dtls,openssl,cert tlstcp:10161 dtlsudp:10161 udp:161

The detailed error log is given below:

    Turning on AgentX master support.
    cert:util:config: parsing 10 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E --cn
    cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint 3196293592
    cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint 3196293592
    cert:find:params: hint = 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E
    cert:find:params: looking for remote_peer(2) in FILE(0x1), hint 3196293592
    cert:find:params: hint = 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E
    cert:map:add: pri 10, fp 9ac959bca8c4c1014b6f0e57cb3e3e6ead08e09e
    cert:find:params: looking for identity(1) in DEFAULT(0x0), hint 0
    cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 234144
    cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint 234144
    cert:find:params: hint = 0D:C1:CA:B7:2A:83:5E:43:42:1E:A1:0D:07:2C:97:2B:B5:75:20:2B
    cert:find:params: looking for identity(1) in FILE(0x1), hint 234144
    cert:find:params: hint = 0D:C1:CA:B7:2A:83:5E:43:42:1E:A1:0D:07:2C:97:2B:B5:75:20:2B
    error finding server identity keys
    dtlsudp: netsnmp_dtlsudp_transport(): transports/snmpDTLSUDPDomain.c, 1421: A SNMP version other than 3 was requested with (D)TLS; using 3 anyways
    tsm: TSM: Reached our session initialization callback
    NET-SNMP version 5.7.3

akhil