带有SHA1证书的SNMPTLS在5.7.3中运行良好。我将netsnmp升级到5.7.3以获得SHA256支持,但是snmpd恶魔显示错误
"error finding server identity keys"
命令:
snmpget -v 3 --defSecurityModel=tsm -u joecool -l authPriv -T our_identity=manager -T their_identity=snmpd tlstcp:192.168.1.125:10161 sysContact.0
snmpget命令抛出以下错误
tlstcp: failed to ssl_connect
snmpget: Unknown host (tlstcp:192.168.1.125:10161)
snmpd恶魔抛出错误:
TLSTCP: Failed to create a SSL BIO
snmpd.conf中的配置如下所示:
master agentx
agentXTimeout 100
[snmp] localCert 0D:C1:CA:B7:2A:83:5E:43:42:1E:A1:0D:07:2C:97:2B:B5:75:20:2B
rwcommunity public
certSecName 10 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E --cn
rwuser -s tsm "joecool"
启动snmpd
snmpd -f -Lo -C -c /usr/share/snmp/snmpd.conf -Dtsm,dtls,openssl,cert tlstcp:10161 dtlsudp:10161 udp:161
详细的错误日志如下:
块引用
启用AgentX主支持。 cert:util:config:parsing 10 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E --cn cert:find:params:在MULTIPLE(0x200)中寻找remote_peer(2),提示3196293592 cert:find:params:在FINGERPRINT(0x2)中查找remote_peer(2),提示3196293592 证书:find:params:hint = 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E cert:find:params:在FILE(0x1)中查找remote_peer(2),提示3196293592 证书:find:params:hint = 9A:C9:59:BC:A8:C4:C1:01:4B:6F:0E:57:CB:3E:3E:6E:AD:08:E0:9E 证书:map:add:pri 10,fp 9ac959bca8c4c1014b6f0e57cb3e3e6ead08e09e cert:find:params:在DEFAULT(0x0)中查找identity(1),提示0 cert:find:params:在MULTIPLE(0x200)中寻找身份(1),提示234144 cert:find:params:在FINGERPRINT(0x2)中查找标识(1),提示234144 证书:find:params:hint = 0D:C1:CA:B7:2A:83:5E:43:42:1E:A1:0D:07:2C:97:2B:B5:75:20:2B cert:find:params:在FILE(0x1)中查找identity(1),提示234144 证书:find:params:hint = 0D:C1:CA:B7:2A:83:5E:43:42:1E:A1:0D:07:2C:97:2B:B5:75:20:2B 找错服务器身份密钥 dtlsudp:netsnmp_dtlsudp_transport():transports / snmpDTLSUDPDomain.c,1421: 使用(D)TLS请求3以外的SNMP版本;反正使用3 tsm:TSM:达到了我们的会话初始化回调 NET-SNMP版本5.7.3 `