If TLS is enabled in libnetconf2, the TLS functionality is enabled. However, to make it work, you must perform a few initial configuration tasks.
For every action that requires verification, you can specify paths to the client certificate to be used. If you do not specify any certificate, the default one is used. To set up the default certificate, use the cert replaceown command.
In order to verify the certificate provided by the server, you need to specify the Certificate Authority certificates you find trustworthy and make them accessible to netopeer-cli. Again, you can explicitly specify the path to a Certificate Authority trusted store, or use the default directory. To add certificates to this directory, use the cert add command.
For netopeer-cli to check whether a certificate has been revoked by its issuer, use the crl add command to provide the CRLs of your trusted CAs to netopeer-cli.
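A pre-flight check for the three steps above, as an added example that is not part of netopeer2: before running cert replaceown, cert add and crl add, it uses the openssl command-line tool to confirm that the private key matches the client certificate, that the certificate chains to the CA and, if a CRL is given, that the certificate is not listed as revoked. The function name check_tls_material and all file paths are assumptions supplied by the caller.

```sh
#!/bin/sh
# Added example: validate TLS material before loading it into netopeer-cli
# with `cert replaceown`, `cert add` and `crl add`. Paths are caller-supplied.
# usage: check_tls_material <client_cert> <client_key> <ca_cert> [crl]
check_tls_material() {
    cert=$1; key=$2; ca=$3; crl=${4:-}

    # 1. The private key must belong to the certificate: compare the public
    #    key embedded in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate" >&2; return 1; }

    # 2. The certificate must chain to the CA you are about to trust and,
    #    when a CRL is supplied, must not be listed as revoked in it.
    if [ -n "$crl" ]; then
        openssl verify -crl_check -CAfile "$ca" -CRLfile "$crl" "$cert" >&2 ||
            { echo "FAIL: chain or revocation check failed" >&2; return 1; }
    else
        openssl verify -CAfile "$ca" "$cert" >&2 ||
            { echo "FAIL: certificate does not chain to $ca" >&2; return 1; }
    fi

    # 3. Warn (do not fail) when the certificate expires within 30 days.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        echo "WARN: certificate expires within 30 days" >&2

    echo "OK: $cert"
}

# Run the check when the script is invoked with arguments.
if [ "$#" -ge 3 ]; then
    check_tls_material "$@"
fi
```

A failing check returns a non-zero status, so the function can gate a provisioning script that goes on to load the files into netopeer-cli.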
The netopeer2/example_configuration/tls_certs directory includes copies of the needed example client certificates, which will work with the server example certificates.
The CLI supports some basic scripting and an example sample_script.sh
is included for illustration.