<p dir="ltr">Well, your device is not trusting syslog-ng then. You have to configure it there or use a certificate authority that it trusts to issue the keys.</p>
<div class="gmail_quote">On Jun 25, 2015 8:26 AM, &quot;Schulte, Klaus (Nokia - DE/Ulm)&quot; &lt;<a href="mailto:klaus.schulte@nokia.com">klaus.schulte@nokia.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">The client is an embedded device – rsyslog is running on it.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">With a certificate created from here:</span>
<a href="http://www.selfsignedcertificate.com/" target="_blank">http://www.selfsignedcertificate.com/</a>
<span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">the TLS connection from device to syslog-ng works fine.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">With a certificate created with INSTA-Server (not self signed) I see the mentioned problem.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">Best regards<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">  Klaus<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">____________________________________________<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">find my openPGP key here: <i><a href="https://keyserver.pgp.com/" target="_blank">https://keyserver.pgp.com/</a></i></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> <a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a> [mailto:<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>]
<b>On Behalf Of </b>ext Scheidler, Balázs<br>
<b>Sent:</b> Thursday, June 25, 2015 7:46<br>
<b>To:</b> Syslog-ng users&#39; and developers&#39; mailing list<br>
<b>Subject:</b> Re: [syslog-ng] CentOS7 syslog-ng 3.5.6: TLS: SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<u></u><u></u></span></p>
</div>
<p>The SSL alert is sent by the client, thus the client didn&#39;t accept the certificate of the server. Can you paste that config as well?<u></u><u></u></p>
<div>
<p class="MsoNormal">On Jun 24, 2015 11:44 AM, &quot;Schulte, Klaus (Nokia - DE/Ulm)&quot; &lt;<a href="mailto:klaus.schulte@nokia.com" target="_blank">klaus.schulte@nokia.com</a>&gt; wrote:<u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear all,<br>
<br>
I&#39;ve these source settings for TLS:<br>
<br>
source s_tcp_tls {<br>
   network(  transport(&quot;tls&quot;)<br>
             ip(10.46.130.65) port(6514)<br>
             tls(<br>
                   peer-verify(&quot;optional-untrusted&quot;)<br>
                   key-file(&quot;/etc/syslog-ng/key.d/syslog-ng.key&quot;)<br>
                   cert-file(&quot;/etc/syslog-ng/cert.d/syslog-ng.cert&quot;)<br>
             )<br>
   );<br>
};<br>
<br>
But when a client connects via TCP/TLS to the syslog-ng service..<br>
<br>
In syslog-ng these messages are showing up:<br>
<br>
syslog-ng starting up; version=&#39;3.5.6&#39;<br>
Syslog connection accepted; fd=&#39;12&#39;, client=&#39;AF_INET(10.46.160.78:48075)&#39;, local=&#39;AF_INET(10.46.130.65:6514)&#39;<br>
SSL error while reading stream; tls_error=&#39;SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca&#39;<br>
I/O error occurred while reading; fd=&#39;12&#39;, error=&#39;Connection reset by peer (104)&#39;<br>
Syslog connection closed; fd=&#39;12&#39;, client=&#39;AF_INET(10.46.160.78:48075)&#39;, local=&#39;AF_INET(10.46.130.65:6514)&#39;<br>
Closing log transport fd; fd=&#39;12&#39;<br>
<br>
I don&#39;t know why syslog-ng is proving the CA?<br>
As far as I know the configuration is a non-mutual authentication - so the CA shouldn&#39;t play a role in this - is this correct?<br>
<br>
The client sends messages in RFC5424 format.<br>
<br>
Any help is appreciated - I&#39;ve no clue what&#39;s going wrong.<br>
<br>
Best regards<br>
  Klaus<br>
____________________________________________<br>
<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><u></u><u></u></p>
</div>
</div>
</div>

<br></blockquote></div>
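<p>Added example, not part of the original thread: the "unknown ca" alert discussed above means the client could not chain the server certificate to any CA in its trust store. The script below reproduces that decision offline with throwaway certificates; the CA names, the subject <code>syslog-ng.example</code> and the helper functions are constructed for illustration.</p>

```shell
#!/bin/sh
# Constructed demo: every name, subject and path here is made up for illustration.
# Against a live listener the equivalent check is:
#   openssl s_client -connect 10.46.130.65:6514 -CAfile <CA bundle the device trusts>

# Return 0 if CERT ($2) chains to a CA in CAFILE ($1), which is what a TLS
# client holding only CAFILE requires before it accepts the server.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a throwaway CA (key + self-signed certificate) named $2 in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a server certificate in directory $1, signed by the CA named $2.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=syslog-ng.example" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Compare a client that trusts the issuing CA with one that does not.
demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d" issuing-ca   # stands in for the CA that issued the server cert
    make_ca "$d" other-ca     # stands in for a trust store lacking that CA
    issue_server_cert "$d" issuing-ca
    chain_ok "$d/issuing-ca.pem" "$d/server.pem" && trusted=0 || trusted=1
    chain_ok "$d/other-ca.pem" "$d/server.pem" && untrusted=0 || untrusted=1
    rm -rf "$d"
    echo "issuing CA in trust store: exit $trusted; CA missing: exit $untrusted"
    # Success means: accepted with the issuing CA, rejected without it.
    [ "$trusted" -eq 0 ] && [ "$untrusted" -ne 0 ]
}

demo
```

<p>The second case is the one that produces the alert in the server log: the certificate is valid, but its issuer is absent from the client's trust store.</p>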