Since version 23.0, SNMP4J and SNMP4J-Agent support TLS. This How-To describes how those SNMP4J APIs are configured to use TLS.
How to configure SNMP4J to use TLS?
Before you can start using TLS (or DTLS), you need a key pair. You can generate a self signed one for testing purposes as follows:
| Code Block | ||
|---|---|---|
| ||
keytool -keystore dtls-cert.ks -alias dtls-snmp4j-test -storepass snmp4j -keypass snmp4j -genkeypair -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=www.snmp4j.org, OU=Unit-Test, O=AGENTPP, L=Stuttgart, S=Baden-Wuerttemberg, C=DE" -ext "san=dns:localhost,ip:127.0.0.1" |
The following steps then prepare the SNMP4J API for TLS usage:
...
| Code Block |
|---|
// add the distinguished name (DN) of the certificates we want to accept as peer: securityCallback.addAcceptedSubjectDN(""EMAILADDRESS=info@company.com, C=US, CN=Foo Bar""); // |