TLS certificate question about Unbound 1.9.2
Wouter Wijngaards
wouter at nlnetlabs.nl
Thu Apr 4 07:04:46 UTC 2019
Hi,
So this config file is fine, the tls-cert-bundle should work find with a
version of unbound that supports the options (eg. 1.9.2). Like, for me,
it works. I guess you downgraded and are now using an older version
that does not support the tls-cert-bundle option, so the unknown keyword
error is accurate?
Best regards, Wouter
On 4/3/19 7:52 PM, rollingonchrome via Unbound-users wrote:
> Hello,
>
> Thank you for the replies. I believe I have the tls-cert-bundle
> information correctly indented now. But, I am still getting the same
> errors as before about unknown keywords and strays.
>
> It is indented like this:
>
> server:
>
> [a few lines omitted]
>
> #Added for DoT
> tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
>
> Here is a link to my actual conf file if anyone would be willing to take
> a look:
> https://send.firefox.com/download/83192a35d41caf47/#G4NxNtajpM1KmZgLI-boBg
>
> I've read that OpenSSL on Jessie doesn't support any TLS except 1.2, so
> I'm wondering if that might be this issue. Not sure what version of TLS
> Unbound 1.9.1 uses (I downgraded).
>
> Thank you for your help.
>
> Best,
>
> RoC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190404/c4325a47/attachment.bin>
More information about the Unbound-users
mailing list