[nsd-users] Can XoT use self-signed certificates?
Klaus Darilion
klaus.darilion at nic.at
Tue Mar 18 13:14:53 UTC 2025
Answering myself (untested yet): It seems that 'tls-cert-bundle:' may be the solution to manually specify trust anchors. Frankly, this is a 'server:' option but I would have expected it under the tls-auth: section to be configurable per tls-context.
Regards
Klaus
From: nsd-users <nsd-users-bounces at lists.nlnetlabs.nl> On Behalf Of Klaus Darilion via nsd-users
Sent: Monday, March 17, 2025 2:32 PM
To: nsd-users at lists.nlnetlabs.nl
Subject: [nsd-users] Can XoT use self-signed certificates?
Hi!
I am testing XoT with NSD as secondary.
As far as I see, for certificate validation always the OS installed CA certificates are used. (/etc/ca-certificates.conf in Ubuntu)
Is it possible to use self signed certificates and manually configure a trust-anchor (e.g. ca-file option in many other TLS supported software)?
Is it possbile to use opportunistic/ephemeral TLS as supported by Bind?
Thanks
Klaus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20250318/60cd712f/attachment.htm>
More information about the nsd-users
mailing list