TLS certificate question about Unbound 1.9.2

Wouter Wijngaards wouter at nlnetlabs.nl
Thu Apr 4 07:04:46 UTC 2019


Hi,

So this config file is fine, the tls-cert-bundle should work find with a
version of unbound that supports the options (eg. 1.9.2).  Like, for me,
it works.  I guess you downgraded and are now using an older version
that does not support the tls-cert-bundle option, so the unknown keyword
error is accurate?

Best regards, Wouter

On 4/3/19 7:52 PM, rollingonchrome via Unbound-users wrote:
> Hello,
> 
> Thank you for the replies. I believe I have the tls-cert-bundle
> information correctly indented now. But, I am still getting the same
> errors as before about unknown keywords and strays.
> 
> It is indented like this:
> 
> server:
>      
>       [a few lines omitted]
>      
>      #Added for DoT
>      tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
> 
> Here is a link to my actual conf file if anyone would be willing to take
> a look: 
> https://send.firefox.com/download/83192a35d41caf47/#G4NxNtajpM1KmZgLI-boBg
> 
> I've read that OpenSSL on Jessie doesn't support any TLS except 1.2, so
> I'm wondering if that might be this issue. Not sure what version of TLS
> Unbound 1.9.1 uses (I downgraded).
> 
> Thank you for your help.
> 
> Best,
> 
> RoC

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190404/c4325a47/attachment.bin>


More information about the Unbound-users mailing list