Easy Cert Management

Guus Sliepen guus at tinc-vpn.org
Thu Aug 14 09:01:40 CEST 2014


On Wed, Aug 13, 2014 at 03:36:01PM -0700, Cobin Bluth wrote:

> I absolutely love tinc and the features it brings to the table, and also
> the stability it provides.
> 
> My one issue with tinc is that managing certs between different nodes seems
> rather inconvenient. By using "tincd -n vpn -D -d5" I can see when a cert
> fingerprint is denied.
> 
> Does tinc have features like that of puppet where you can list the pending
> certs and accept or deny them?
> 
> see https://docs.puppetlabs.com/references/3.5.1/man/cert.html

No. Actually, when making a connection, no cert or cert fingerprint is
ever exchanged. Nodes need to know each other's public key beforehand.

With tinc 1.1preX, there is the invitation protocol, and there it might
make sense to have a way to list pending invitations, so I just added
that feature to my TODO list.

Very terse documentation is here:

http://tinc-vpn.org/documentation-1.1/tinc-commands.html#index-invite

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
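
Added example, not part of the original message and not tinc's own code: since keys are never exchanged at connect time, a quick audit is to check that every `ConnectTo` peer in `tinc.conf` has a host file carrying a pre-shared public key. It assumes the usual layout (`tinc.conf` plus a `hosts/` directory) and only looks at inline keys; the sample tree and key values are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# tinc config lines are "Variable = Value"; the "=" is optional and variable
# names are case-insensitive. A leading "#" comments the line out.
SEP = r"(?:[ \t]*=[ \t]*|[ \t]+)"
CONNECT = re.compile(r"^[ \t]*ConnectTo" + SEP + r"(\S+)", re.I | re.M)
KEY_PATTERNS = {
    "ed25519": re.compile(r"^[ \t]*Ed25519PublicKey" + SEP + r"\S+", re.I | re.M),
    "rsa": re.compile(r"-----BEGIN RSA PUBLIC KEY-----.+?-----END RSA PUBLIC KEY-----", re.S),
}


def key_types(host_file):
    """Key types pre-shared in one host file (inline keys only, an assumption)."""
    text = Path(host_file).read_text(errors="replace")
    return [kind for kind, rx in KEY_PATTERNS.items() if rx.search(text)]


def audit(confdir):
    """Map each ConnectTo peer to its key types, or to the reason it is unusable."""
    confdir = Path(confdir)
    result = {}
    for peer in CONNECT.findall((confdir / "tinc.conf").read_text()):
        host_file = confdir / "hosts" / peer
        if not host_file.is_file():
            result[peer] = "no host file"
        else:
            result[peer] = key_types(host_file) or "host file has no public key"
    return result


def build_sample(root):
    """Constructed sample tree; key values are placeholders, not real keys."""
    root = Path(root)
    (root / "hosts").mkdir(parents=True)
    (root / "tinc.conf").write_text("Name = alpha\nConnectTo = beta\nConnectTo = gamma\nConnectTo delta\nConnectTo = epsilon\n")
    (root / "hosts" / "beta").write_text("Address = beta.example.org\n-----BEGIN RSA PUBLIC KEY-----\nPLACEHOLDER\n-----END RSA PUBLIC KEY-----\n")
    (root / "hosts" / "gamma").write_text("Address = gamma.example.org\n#Ed25519PublicKey = PLACEHOLDER\n")
    (root / "hosts" / "epsilon").write_text("Subnet = 10.0.0.5/32\nEd25519PublicKey = PLACEHOLDER\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for peer, status in audit(build_sample(tmp)).items():
            print(f"{peer}: {status}")
```

On a real node, point `audit()` at the network's configuration directory, for example `/etc/tinc/vpn` for the `-n vpn` network in the question.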