Successfully imported certificates fail with "error finding client identity keys"

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I am testing a DTLS snmp server using net-snmp version 5.6 on windows under cygwin as the client.

I have several certificates that I have imported successfully using net-snmp-cert -t <friendly name> <cert_file_name> <key_file_name>

When I use net-snmp-cert showcerts <friendly name>, it successfully finds the corresponding cert and dumps out info from it without issue.

However, when I issue any snmp command using the same friendly name, such as snmpget, I get the following output:

$ snmpget -v 3 -s tsm -t 10 -l authPriv -m +ALL -e "00000063000000A1000A0000A01
3" -T our_identity= client_cert_name -T their_identity=server_cert_name dtlsudp:192.168.1.97:10161 snmpTsmConfigurationUsePrefix.0

No log handling enabled - using stderr logging
hash type none not supported. using SHA1
error finding client identity keys
failed to create the SSL session structure
failed to open a new dtls connection
snmpget: Failure in sendto (Sub-id not found: (top) -> snmpTsmConfigurationUsePr
efix) (No such file or directory)
Segmentation fault (core dumped)

Different certs give me different errors, and it seems like all of the certs that give me errors have been imported more than once under different friendly names.  Can this cause this problem?  Is there away to clean out the certificate store and remove all registered friendly names and start from scratch?

Any other suggestions?

Thanks,
James