unbound: Drop certificates for local control connection

These are a cause of worry because they are sometimes generated with an invalid timestamp and therefore render unbound being unusable. There is no strong reason to use self-signed certificates for extra security here. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-05-08 05:56:11 +02:00 · 2019-02-17 13:46:51 +00:00
parent 256070e92f
commit 9bc1760052
4 changed files with 4 additions and 10 deletions
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -83,12 +83,8 @@ server:

 remote-control:
 	control-enable: yes
-	control-use-cert: yes
+	control-use-cert: no
 	control-interface: 127.0.0.1
-	server-key-file: "/etc/unbound/unbound_server.key"
-	server-cert-file: "/etc/unbound/unbound_server.pem"
-	control-key-file: "/etc/unbound/unbound_control.key"
-	control-cert-file: "/etc/unbound/unbound_control.pem"

 # Import any local configurations
 include: "/etc/unbound/local.d/*.conf"