Dharm S
2014-11-10 06:59:18 UTC
Hi All,
I have generated certificates and used the keys while entering the SNMP
commands. I ran snmpd after entering the following lines in snmp.conf:
peerCert 09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
localCert 89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6
where peerCert is the fingerprint of snmpd.crt and localCert is that of manager.crt.
And in snmpd.conf, I have:
[snmp] localCert 09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
certSecName 10 89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6 --cn
The snmpget dtlsudp:localhost:10161 sysContact.0 gives the following debug
messages:
cert:util:init: init
cert:index:add: dir /usr/local/etc/snmp/tls/ca-certs at index 0
cert:index:add: dir /home/anjali/.snmp/tls/certs at index 4
cert:index:add: dir /usr/local/etc/snmp/tls/private at index 2
cert:index:add: dir /home/anjali/.snmp/tls/private at index 5
cert:index:add: dir /home/anjali/.snmp/tls/ca-certs at index 3
cert:index:add: dir /usr/local/etc/snmp/tls/certs at index 1
cert:index:dir: Scanning directory /usr/local/etc/snmp/tls/ca-certs
cert:index:lookup: /usr/local/etc/snmp/tls/ca-certs (0)
/var/net-snmp/cert_indexes/0
cert:index:parse: The index for /usr/local/etc/snmp/tls/ca-certs looks good
cert:index:dir: Scanning directory /usr/local/etc/snmp/tls/certs
cert:index:lookup: /usr/local/etc/snmp/tls/certs (1)
/var/net-snmp/cert_indexes/1
cert:index:parse: The index for /usr/local/etc/snmp/tls/certs looks good
cert:index:parse: added 2 certs from index
cert:index:dir: Scanning directory /usr/local/etc/snmp/tls/private
cert:index:lookup: /usr/local/etc/snmp/tls/private (2)
/var/net-snmp/cert_indexes/2
cert:index:parse: The index for /usr/local/etc/snmp/tls/private looks good
cert:key:struct:new: new key 0x0x9f81438 for manager.key
cert:key:struct:new: new key 0x0x9f81388 for snmpd.key
cert:index:parse: added 2 certs from index
cert:index:dir: Scanning directory /home/anjali/.snmp/tls/ca-certs
cert:index:lookup: /home/anjali/.snmp/tls/ca-certs (3)
/var/net-snmp/cert_indexes/3
cert:index:parse: The index for /home/anjali/.snmp/tls/ca-certs looks good
cert:index:dir: Scanning directory /home/anjali/.snmp/tls/certs
cert:index:lookup: /home/anjali/.snmp/tls/certs (4)
/var/net-snmp/cert_indexes/4
cert:index:parse: The index for /home/anjali/.snmp/tls/certs looks good
cert:index:dir: Scanning directory /home/anjali/.snmp/tls/private
cert:index:lookup: /home/anjali/.snmp/tls/private (5)
/var/net-snmp/cert_indexes/5
cert:index:parse: The index for /home/anjali/.snmp/tls/private looks good
cert:partner: manager.crt match found!
cert:partner: snmpd.crt match found!
cert:key:read: Checking file snmpd.key
cert:key:read: Checking file manager.key
cert:dump: -------------------- Certificates -----------------
cert:dump: cert snmpd.crt in /usr/local/etc/snmp/tls/certs
cert:dump: type 1 flags 0x3 (identity+remote_peer)
cert:dump: cert manager.crt in /usr/local/etc/snmp/tls/certs
cert:dump: type 1 flags 0x3 (identity+remote_peer)
cert:dump: key manager.key in /usr/local/etc/snmp/tls/private
cert:dump: type 4 flags 0x1 (identity)
cert:dump: key snmpd.key in /usr/local/etc/snmp/tls/private
cert:dump: type 4 flags 0x1 (identity)
cert:dump: ------------------------ End ----------------------
cert:find:params: looking for identity(1) in DEFAULT(0x0), hint 0
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 167466280
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
167466280
cert:find:params: hint =
89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6
cert:find:found: using cert manager.crt /
8954990382e414a949d54638c05fb5b2b82771c6 for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert manager.crt /
8954990382e414a949d54638c05fb5b2b82771c6 for identity(1)
(uses=identity+remote_peer (3))
cert:find:params: looking for remote_peer(2) in DEFAULT(0x0), hint 0
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
167493864
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
167493864
cert:find:params: hint =
09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:trust_ca: checking roots for 0x9f80f08
cert:trust: putting trusted cert 0x9f81f70 =
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 in certstore 0x9fd36d0
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
167598104
cert:find:params: hint = 8954990382e414a949d54638c05fb5b2b82771c6
cert:find:found: using cert manager.crt /
8954990382e414a949d54638c05fb5b2b82771c6 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:find:params: looking for remote_peer(2) in DEFAULT(0x0), hint 0
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
167493864
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
167493864
cert:find:params: hint =
09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
tsm: needed to free transport data
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
tsm: needed to free transport data
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
tsm: needed to free transport data
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
tsm: needed to free transport data
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
tsm: needed to free transport data
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
failed rfc5343 contextEngineID probing
snmpwalk: Timeout (Success)
But if I comment out peerCert and localCert and run snmpd with fingerprints
entered on the command line, I get the output.
snmpget -v 3 -u final --defSecurityModel=tsm -T our_identity=89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6 -T their_identity=09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0 dtlsudp:localhost:10161 sysContact.0 -Dcert
output:
cert:util:init: init
cert:index:add: dir /usr/local/etc/snmp/tls/ca-certs at index 0
cert:index:add: dir /home/anjali/.snmp/tls/certs at index 4
cert:index:add: dir /usr/local/etc/snmp/tls/private at index 2
cert:index:add: dir /home/anjali/.snmp/tls/private at index 5
cert:index:add: dir /home/anjali/.snmp/tls/ca-certs at index 3
cert:index:add: dir /usr/local/etc/snmp/tls/certs at index 1
cert:index:dir: Scanning directory /usr/local/etc/snmp/tls/ca-certs
cert:index:lookup: /usr/local/etc/snmp/tls/ca-certs (0)
/var/net-snmp/cert_indexes/0
cert:index:parse: The index for /usr/local/etc/snmp/tls/ca-certs looks good
cert:index:dir: Scanning directory /usr/local/etc/snmp/tls/certs
cert:index:lookup: /usr/local/etc/snmp/tls/certs (1)
/var/net-snmp/cert_indexes/1
cert:index:parse: The index for /usr/local/etc/snmp/tls/certs looks good
cert:index:parse: added 2 certs from index
cert:index:dir: Scanning directory /usr/local/etc/snmp/tls/private
cert:index:lookup: /usr/local/etc/snmp/tls/private (2)
/var/net-snmp/cert_indexes/2
cert:index:parse: The index for /usr/local/etc/snmp/tls/private looks good
cert:key:struct:new: new key 0x0x97b6218 for manager.key
cert:key:struct:new: new key 0x0x97b6168 for snmpd.key
cert:index:parse: added 2 certs from index
cert:index:dir: Scanning directory /home/anjali/.snmp/tls/ca-certs
cert:index:lookup: /home/anjali/.snmp/tls/ca-certs (3)
/var/net-snmp/cert_indexes/3
cert:index:parse: The index for /home/anjali/.snmp/tls/ca-certs looks good
cert:index:dir: Scanning directory /home/anjali/.snmp/tls/certs
cert:index:lookup: /home/anjali/.snmp/tls/certs (4)
/var/net-snmp/cert_indexes/4
cert:index:parse: The index for /home/anjali/.snmp/tls/certs looks good
cert:index:dir: Scanning directory /home/anjali/.snmp/tls/private
cert:index:lookup: /home/anjali/.snmp/tls/private (5)
/var/net-snmp/cert_indexes/5
cert:index:parse: The index for /home/anjali/.snmp/tls/private looks good
cert:partner: manager.crt match found!
cert:partner: snmpd.crt match found!
cert:key:read: Checking file snmpd.key
cert:key:read: Checking file manager.key
cert:dump: -------------------- Certificates -----------------
cert:dump: cert snmpd.crt in /usr/local/etc/snmp/tls/certs
cert:dump: type 1 flags 0x3 (identity+remote_peer)
cert:dump: cert manager.crt in /usr/local/etc/snmp/tls/certs
cert:dump: type 1 flags 0x3 (identity+remote_peer)
cert:dump: key manager.key in /usr/local/etc/snmp/tls/private
cert:dump: type 4 flags 0x1 (identity)
cert:dump: key snmpd.key in /usr/local/etc/snmp/tls/private
cert:dump: type 4 flags 0x1 (identity)
cert:dump: ------------------------ End ----------------------
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 159287896
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
159287896
cert:find:params: hint =
89:54:99:03:82:E4:14:A9:49:D5:46:38:C0:5F:B5:B2:B8:27:71:C6
cert:find:found: using cert manager.crt /
8954990382e414a949d54638c05fb5b2b82771c6 for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert manager.crt /
8954990382e414a949d54638c05fb5b2b82771c6 for identity(1)
(uses=identity+remote_peer (3))
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
159374304
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
159374304
cert:find:params: hint =
09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:trust_ca: checking roots for 0x97b5ce0
cert:trust: putting trusted cert 0x97b6d50 =
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 in certstore 0x980f408
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
159374304
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
159374304
cert:find:params: hint =
09:38:B0:8C:98:43:A0:19:0C:E7:D3:A8:9D:2D:05:76:B8:C1:AF:A0
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
SNMPv2-MIB::sysContact.0 = STRING: Me <***@example.org>
After this I uncomment peerCert and localCert in snmp.conf, and I am able
to get the output using just
snmpget dtlsudp:localhost:10161 sysContact.0
Can anyone help me in understanding what makes it read while modifying
snmp.conf when snmpd is running and it doesn't read the fingerprints as
required with initial configuration?
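
An added example, not part of the original post: a small Python triage script for -Dcert output like the log above. It maps the "got"/"expected" fingerprints in a verification failure back to certificate file names using the cert:find:found lines. The function names and the sample excerpt (copied from the post, mail wrapping included) are this example's own.

```python
import re

# Excerpt of the -Dcert output quoted in the post, including the line
# wrapping introduced by the mail client.
SAMPLE_LOG = """\
cert:find:found: using cert manager.crt /
8954990382e414a949d54638c05fb5b2b82771c6 for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd.crt /
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0 for remote_peer(2)
(uses=identity+remote_peer (3))
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
The fingerprint from the remote side's certificate didn't match the expected
got 8954990382e414a949d54638c05fb5b2b82771c6, expected
0938b08c9843a0190ce7d3a89d2d0576b8c1afa0
DTLSUDP: failed to verify ssl certificate (of the server)
"""

FOUND_RE = re.compile(
    r"cert:find:found: using cert (\S+) / ([0-9a-fA-F:]+) for (\w+)\(\d+\)"
)
MISMATCH_RE = re.compile(r"got ([0-9a-fA-F:]+), expected ([0-9a-fA-F:]+)")


def normalize(fingerprint):
    """Reduce 'AA:BB:...' or 'aabb...' to lowercase hex with no separators."""
    return fingerprint.replace(":", "").lower()


def analyze(log):
    """Return one finding per distinct got/expected fingerprint mismatch."""
    flat = " ".join(log.split())  # undo line wrapping before matching

    names = {}  # normalized fingerprint -> certificate file name
    roles = {}  # certificate file name -> roles it was selected for
    for name, fingerprint, role in FOUND_RE.findall(flat):
        names[normalize(fingerprint)] = name
        roles.setdefault(name, set()).add(role)

    findings, seen = [], set()
    for got, expected in MISMATCH_RE.findall(flat):
        key = (normalize(got), normalize(expected))
        if key in seen:  # each retry repeats the same error; report it once
            continue
        seen.add(key)
        presented = names.get(key[0], "unknown")
        findings.append({
            "presented_cert": presented,
            "expected_cert": names.get(key[1], "unknown"),
            # True when the remote side sent the very certificate this
            # process selected as its own local identity.
            "presented_is_local_identity":
                "identity" in roles.get(presented, set()),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the sample it reports that the remote side presented manager.crt where snmpd.crt was expected, and that manager.crt is the certificate the client selected for its own identity.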