[nsd-users] Can XoT use self-signed certificates?
Willem Toorop
willem at nlnetlabs.nl
Tue Mar 18 15:39:28 UTC 2025
On 18-03-2025 at 14:14, Klaus Darilion via nsd-users wrote:
>
> Answering myself (untested yet): It seems that ‘tls-cert-bundle:’ may
> be the solution to manually specify trust anchors. Frankly, this is a
> ‘server:’ option but I would have expected it under the tls-auth:
> section to be configurable per tls-context.
>
We could modify that of course, but personally I also feel for the pin
authentication that Knot-dns employs. Would that work for you?
Regards,
-- Willem
> Regards
>
> Klaus
>
> *From:* nsd-users <nsd-users-bounces at lists.nlnetlabs.nl> *On Behalf Of* Klaus Darilion via nsd-users
> *Sent:* Monday, March 17, 2025 2:32 PM
> *To:* nsd-users at lists.nlnetlabs.nl
> *Subject:* [nsd-users] Can XoT use self-signed certificates?
>
> Hi!
>
> I am testing XoT with NSD as secondary.
>
> As far as I see, for certificate validation always the OS installed CA
> certificates are used. (/etc/ca-certificates.conf in Ubuntu)
>
> Is it possible to use self-signed certificates and manually configure
> a trust-anchor (e.g. ca-file option in many other TLS supported software)?
>
> Is it possible to use opportunistic/ephemeral TLS as supported by Bind?
>
> Thanks
>
> Klaus
>
>
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
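
The setup discussed in this thread, as an added example that is not part of the original messages or of NSD's own documentation: a secondary's nsd.conf that uses the server-wide `tls-cert-bundle:` to trust a self-signed primary certificate for XoT. The file path, the names `primary-xot` and `primary.example.net`, the zone and the address 192.0.2.1 are placeholders; that a self-signed certificate placed in the bundle acts as its own trust anchor is an assumption and, as in the post, untested.

```conf
# nsd.conf on the secondary (constructed example, all values are placeholders)

server:
    # Certificates used to authenticate XoT connections to primaries.
    # Left unset, the default verify locations of the OS are used.
    # Assumption: for a self-signed primary this file holds a copy of
    # that primary's certificate (PEM), which then acts as the trust anchor.
    # This is a server: option, so the same bundle applies to every
    # tls-auth: context; it cannot be set per primary.
    tls-cert-bundle: "/etc/nsd/xot/primary.example.net.pem"

tls-auth:
    # Label referenced from request-xfr: below.
    name: primary-xot
    # Name the certificate presented by the primary must match.
    auth-domain-name: primary.example.net

zone:
    name: example.com
    # Fetch the zone over TLS (port 853), verified via the tls-auth context.
    request-xfr: 192.0.2.1@853 NOKEY primary-xot
    allow-notify: 192.0.2.1 NOKEY
```

Because the bundle is shared by all contexts, every certificate in it is trusted for every configured primary, so keep the file limited to the anchors actually needed for zone transfers.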