Since version 2.0, SNMP4J and SNMP4J-Agent support TLS. This How-To describes how to configure those SNMP4J APIs to use TLS.
How to configure SNMP4J to use TLS?
The following steps prepare the SNMP4J API for TLS usage:
- The SNMP TLS Transport Model (TLSTM) uses certificate-based authentication, so we need to configure a trust store for client authentication (SNMP command generator) and a key store (SNMP command responder):
- Create the TLSTM TransportMapping (which may be used with TlsAddress classes only) and set its SecurityCallback for authentication of remote certificates and selecting the local certificate to be used by the TLSTM for client authentication:
- Create a target and set its address if the SNMP instance is command generator:
- If the SNMP instance is a command responder, or if one of the following applies, then configure the TlsTmSecurityCallback for the TLSTM instance (see RFC 5953):
  - The Java virtual machine of the SNMP instance has a key store configured with more than one certificate (a certificate then has to be selected by the TlsTmSecurityCallback.getLocalCertificateAlias(Address) method, see http://www.snmp4j.org/doc/org/snmp4j/transport/tls/TlsTmSecurityCallback.html#getLocalCertificateAlias(org.snmp4j.smi.Address)).
  - No trust key store has been configured, or additional trusts (on top of the trust key store) should be established, for example through the mapping rules defined by RFC 5953.
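
The steps above for a command generator, as an added example written against the SNMP4J 2.x API (not code from the original How-To). The environment variable names, the agent address, the certificate alias and the subject DN are constructed placeholders; the TSM registration and the Snmp session are included only so the sketch is complete.

```java
import org.snmp4j.CertifiedTarget;
import org.snmp4j.Snmp;
import org.snmp4j.mp.MPv3;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.SecurityLevel;
import org.snmp4j.security.SecurityModel;
import org.snmp4j.security.SecurityModels;
import org.snmp4j.security.TSM;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.TlsAddress;
import org.snmp4j.transport.TLSTM;
import org.snmp4j.transport.tls.DefaultTlsTmSecurityCallback;

public class TlsCommandGeneratorSetup {
  // Read a setting from the environment (hypothetical variable names) so that
  // store passwords are not hard-coded; fail early if one is missing.
  static String env(String name) {
    String v = System.getenv(name);
    if (v == null) throw new IllegalStateException(name + " is not set");
    return v;
  }

  public static void main(String[] args) throws Exception {
    // Step 1: trust store and key store via the standard JSSE system properties.
    System.setProperty("javax.net.ssl.trustStore", env("SNMP_TRUST_STORE"));
    System.setProperty("javax.net.ssl.trustStorePassword", env("SNMP_TRUST_STORE_PASS"));
    System.setProperty("javax.net.ssl.keyStore", env("SNMP_KEY_STORE"));
    System.setProperty("javax.net.ssl.keyStorePassword", env("SNMP_KEY_STORE_PASS"));

    TlsAddress agent = new TlsAddress("192.0.2.10/10161"); // constructed address
    String localAlias = "manager-cert";                    // constructed key store alias

    // Step 2: TLSTM with a security callback. The callback pins the local
    // certificate for this peer (needed when the key store holds several) and
    // restricts which remote subject DN is accepted.
    DefaultTlsTmSecurityCallback callback = new DefaultTlsTmSecurityCallback();
    callback.addLocalCertMapping(agent, localAlias);
    callback.addAcceptedSubjectDN("CN=agent.example.test,O=Example"); // constructed DN
    TLSTM tlstm = new TLSTM();
    tlstm.setSecurityCallback(callback);
    // TLSTM is used with the Transport Security Model (TSM), so register it.
    SecurityModels.getInstance().addSecurityModel(
        new TSM(new OctetString(MPv3.createLocalEngineID()), false));

    // Step 3: target for the command generator, bound to the TLS address.
    CertifiedTarget target = new CertifiedTarget(new OctetString(localAlias));
    target.setAddress(agent);
    target.setVersion(SnmpConstants.version3);
    target.setSecurityModel(SecurityModel.SECURITY_MODEL_TSM);
    target.setSecurityLevel(SecurityLevel.AUTH_PRIV);

    Snmp snmp = new Snmp(tlstm);
    snmp.listen(); // requests sent to 'target' now use TLS
    snmp.close();
  }
}
```

The subject DN passed to the callback must match the remote certificate's subject DN as the JVM renders it.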