[nsd-users] Can XoT use self-signed certificates?

Klaus Darilion klaus.darilion at nic.at
Wed Mar 19 09:08:18 UTC 2025


>> Further, why is it necessary to explicitly set the tls-cert-bundle?
>> I guess there is a reason as Bind9 also requires to manually set the
>> ca-file for mutual TLS and client verification. I just don’t
>> understand why.

> different OS flavors have different places for a "default set of certs
> trusted by the OS vendor" (CA/B truststore)
> I think, for that reason, it's necessary to be explicit in nsd.conf

The confusing thing is that for "strict TLS" there is no need to configure 'tls-cert-bundle' and the OS installed CAs are used for validation. Only for mutual TLS it is mandatory to configure 'tls-cert-bundle', for which I do not see any reason.

regards
Klaus