How to configure the net-snmp agent (snmpd.conf) to send traps using TLS and certificates?
Will it reuse the server snmp server cert and use it as a client cert towards the trapd server? Can you configure a cert per trapsink target?
An example snmpd.conf would help. An answer to look at the net-snmp snmpd.conf man page would not help. Already did... Also looked here: http://www.net-snmp.org/wiki/index.php/Using_DTLS#Configuring_Servers
The trapsess
token actually follows the same conventions in the snmpcmd
manual page, which includes TLS/DTLS options. (In fact, internally, it uses the same argument parsing code).
So... you actually can replace "snmpget" inall the snmpget
examples from the tutorial page you quoted with an appropriate trapsess
directive and put it in your snmpd.conf file. EG, You can use the "-T our_identity=foo" and "-T their_identity=snmptrapd" types of tokens in the trapsess
line.