
Configure traps in snmpd.conf with TLS certificates in net-snmp


How to configure the net-snmp agent (snmpd.conf) to send traps using TLS and certificates?

Will it reuse the server snmp server cert and use it as a client cert towards the trapd server? Can you configure a cert per trapsink target?

An example snmpd.conf would help. An answer to look at the net-snmp snmpd.conf man page would not help. Already did... Also looked here: http://www.net-snmp.org/wiki/index.php/Using_DTLS#Configuring_Servers


Solution

  • The trapsess token actually follows the same conventions in the snmpcmd manual page, which includes TLS/DTLS options. (In fact, internally, it uses the same argument parsing code).

    So... you actually can replace "snmpget" in all the snmpget examples from the tutorial page you quoted with an appropriate trapsess directive and put it in your snmpd.conf file. E.g., you can use the "-T our_identity=foo" and "-T their_identity=snmptrapd" types of tokens in the trapsess line.
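
The substitution described in the answer, written out as snmpd.conf lines. This is an added example, not part of the original answer or the net-snmp documentation. The certificate names and hostnames are constructed, and giving each target its own `our_identity` is an assumption that follows from `trapsess` parsing its arguments per line.

```conf
# snmpd.conf fragment (added example; certificate names and hosts are constructed)
#
# Each trapsess line takes the same arguments as an snmpcmd tool such as
# snmpget, so the "-T" TLS/DTLS tokens and the transport prefix go exactly
# where they would on the command line.
#
#   our_identity   = certificate (with its private key) the agent presents
#   their_identity = certificate the agent expects the trap receiver to present
#
# Both values name certificates already present in the agent's certificate
# store.

# Receiver 1: TLS over TCP, with its own certificate pair
trapsess -T our_identity=agent-to-nms1 -T their_identity=snmptrapd-nms1 tlstcp:nms1.example.com:10162

# Receiver 2: DTLS over UDP, with a different pair (assumption: identities
# are per line because every trapsess line is parsed independently)
trapsess -T our_identity=agent-to-nms2 -T their_identity=snmptrapd-nms2 dtlsudp:nms2.example.com:10162

# Any further snmpcmd options the session needs are added on the same line,
# before the destination.
```

Port 10162 is the IANA-registered port for SNMP notifications over TLS/DTLS; use whatever port the receiving snmptrapd actually listens on.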