<div dir="ltr">Hello,<div><br></div><div>unable to get local issuer certificate -> syslog-ng does not find a matching CA to check the cert.</div><span class=""><div><br></div><div>"<span style="font-size:13px">openssl verify -CAfile 876f1e28.0 -verbose client.key"</span></div></span><div><br>Instead execute:</div><div><span style="font-size:13px">openssl verify -CApath foocadir -verbose client.pem</span><br></div><div><span style="font-size:13px">//use CApath to see if openssl really finds the ca using the hash, and verify the certificate not the key.</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 9, 2015 at 2:36 PM, Michael Starks <span dir="ltr"><<a href="mailto:syslog-ng-list@michaelstarks.com" target="_blank">syslog-ng-list@michaelstarks.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2015-03-05 18:27, Michael Starks wrote:<br>
> I am trying to get mutual authentication working between a syslog-ng<br>
> server and an Rsyslog client, using <a href="http://startssl.com" target="_blank">startssl.com</a> issued certificates.<br>
> The client does properly authenticate the server, but syslog-ng does<br>
> not<br>
> recognize the client as trusted.<br>
<br>
</span>Well, after messing with the CA certificates and finally getting the<br>
right combo, I got a message that the cert wasn't valid for that<br>
particular purpose (client authentication). Further digging led me to<br>
the discovery that <a href="http://startssl.com" target="_blank">startssl.com</a> does not offer client auth certs for<br>
their free class 1 certificates--a paid upgrade would be required. This<br>
project is not worth spending any money on so I'll just create my own CA<br>
and do it the old-fashioned way. Thanks for the help.<br>
<div class="HOEnZb"><div class="h5">______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</div></div></blockquote></div><br></div>