
<div dir="ltr"><div class="gmail_quote">Hy Michae,</div><div class="gmail_quote"><br></div><div class="gmail_quote">Sorry for the late answer. I try to reproduce the case and inform you about the result</div><div class="gmail_quote"><br></div><div class="gmail_quote">Br,</div><div class="gmail_quote">Laci</div><div class="gmail_quote"><br></div><div class="gmail_quote">2015.03.08. 2:53 ezt írta (&quot;Michael Starks&quot; &lt;<a href="mailto:syslog-ng-list@michaelstarks.com" target="_blank">syslog-ng-list@michaelstarks.com</a>&gt;):<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 03/05/2015 11:50 PM, Laci Mészáros wrote:<br>

&gt; Hello,<br>

&gt;<br>

&gt; Have you tried syslog-ng start in forward-mode and verbose (-Fdve)? In<br>

&gt; that case after the first message you can check the SSL error message<br>

&gt; during the authentication. It could show you the problem with the<br>

&gt; certificates.<br>

&gt;<br>

&gt; Br,<br>

&gt; Laci<br>

<br>

Thanks for the reply. I tried forward mode and I got these relevant<br>

messages:<br>

<br>

Syslog connection accepted; fd=&#39;10&#39;, client=&#39;AF_INET(1.2.3.4:37464)&#39;,<br>

local=&#39;AF_INET(<a href="http://0.0.0.0:6514" target="_blank">0.0.0.0:6514</a>)&#39;<br>

Certificate validation failed;<br>

subject=&#39;emailAddress=<a href="mailto:address@example.com" target="_blank">address@example.com</a>, CN=<a href="http://sub.example.com" target="_blank">sub.example.com</a>, C=US&#39;,<br>

issuer=&#39;CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure<br>

Digital Certificate Signing, O=StartCom Ltd., C=IL&#39;, error=&#39;unable to<br>

get local issuer certificate&#39;, depth=&#39;0&#39;<br>

SSL error while reading stream; tls_error=&#39;SSL<br>

routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned&#39;<br>

I/O error occurred while reading; fd=&#39;10&#39;, error=&#39;Connection reset by<br>

peer (104)&#39;<br>

Syslog connection closed; fd=&#39;10&#39;,<br>

client=&#39;AF_INET(52.10.218.147:37464)&#39;, local=&#39;AF_INET(<a href="http://0.0.0.0:6514" target="_blank">0.0.0.0:6514</a>)&#39;<br>

<br>

I am using ca-bundle.pem from <a href="http://startssl.com" target="_blank">startssl.com</a> and the signed certificate<br>

validates on both the client and server using openssl verify.<br>

______________________________________________________________________________<br>

Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>

Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>

FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>

<br>

</blockquote></div>

</div>