<div dir="ltr"><div>I created a CA cert following the instructions here:</div><div><a href="https://support.oneidentity.com/fr-fr/technical-documents/syslog-ng-open-source-edition/3.22/mutual-authentication-using-tls">https://support.oneidentity.com/fr-fr/technical-documents/syslog-ng-open-source-edition/3.22/mutual-authentication-using-tls</a><br></div><div><br></div><div>And the serverkey.pem is not encrypted, but syslog-ng is asking for a password when it starts up for the serverkey.pem. Any help would be appreciated.</div><div><br></div><div><br></div><div>Head of the server.key</div><div>-----BEGIN PRIVATE KEY-----<br>MIIEvAI....<br><br></div><div>syslog error:</div>[2021-03-17T19:56:03.552322] Error setting up TLS session context; tls_error='system library:fopen:Permission denied', location='/etc/syslog-ng/syslog-ng.conf:21:2'<br>[2021-03-17T19:56:03.552355] Error setting up TLS context; keyfile='/etc/ssl/certs/cert.d/serverkey.pem'<br>[2021-03-17T19:56:03.552407] Waiting for password; keyfile='/etc/ssl/certs/cert.d/serverkey.pem'<div><br></div><div><br></div><div>syslog-ng config:</div><div>@version: 3.29<br>@include "scl.conf"<br><br>source s_local {<br>      internal();<br>};<br><br>source s_network {<br> default-network-drivers(<br>              # NOTE: TLS support<br>           #<br>             # the default-network-drivers() source driver opens the TLS<br>           # enabled ports as well, however without an actual key/cert<br>           # pair they will not operate and syslog-ng would display a<br>            # warning at startup.<br>         #<br>             tls(key-file("/etc/ssl/certs/cert.d/serverkey.pem") cert-file("/etc/ssl/certs/cert.d/servercert.pem") ca_dir("/etc/ssl/certs/ca.d"))<br>                peer_verify(optional-untrusted)<br>   );<br>};<br><br>destination d_local {<br>       file("/var/log/messages");<br>  file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") 
frac-digits(3));<br>};<br><br>log {<br>    source(s_local);<br>      source(s_network);<br>    destination(d_local);<br>};</div><div><br></div><div>docker run command: </div><div>sudo docker run -d --privileged -it -v "/data/syslog-ng/config/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf" -v "/data/syslog-ng/logs:/var/log" -v "/data/syslog-ng/certs:/etc/ssl/certs" -p 514:514/udp -p 601:601 -p 6514:6514 --name syslog-ng2 balabit/syslog-ng:latest -edv<br clear="all"><div><br></div><div>Thanks,</div><div>Steven</div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div> <div style="font:bold 14px Arial,Helvetica,sans-serif"><span style="color:rgb(136,136,136);font-size:small;font-weight:400"><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(0,122,151);font-family:&quot;Helvetica Neue&quot;;font-size:14.6667px;white-space:pre-wrap">Steven La </span><br></p></span><span style="color:rgb(136,136,136);font-size:small;font-weight:400"><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:16px;font-family:Calibri;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">408-503-0289</span><span style="font-size:16px;font-family:Calibri;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> </span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:16px;font-family:Calibri;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><a href="mailto:Steven.La@datastax.com" style="color:rgb(17,85,204)" target="_blank">steven.la@datastax.com</a> </span><span style="background-color:transparent;font-size:11pt;font-family:&quot;Helvetica Neue&quot;;color:rgb(0,122,151);vertical-align:baseline;white-space:pre-wrap"> </span><span style="background-color:transparent;font-size:11pt;font-family:&quot;Helvetica Neue&quot;;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap">|  </span><span style="background-color:transparent;font-size:11pt;font-family:&quot;Helvetica Neue&quot;;color:rgb(0,122,151);vertical-align:baseline;white-space:pre-wrap"><a href="http://datastax.com/" style="color:rgb(17,85,204)" target="_blank">datastax.com</a></span></p></span></div>
</div></div></div></div></div></div></div>
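Added example, not part of the original message and not syslog-ng's own tooling: the log in the message records an fopen "Permission denied" error on the line before "Waiting for password", so this script separates the two cases by classifying a key file (missing, unreadable, passphrase-protected or plain) and by naming the cause a log excerpt points to. The function names key_state, log_cause and sample_log are hypothetical; the three log lines are copied from the message.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Classify a PEM key file: missing | unreadable | encrypted | unencrypted | unknown.
# "missing" also covers a parent directory the current user cannot search.
# Run it as the same user, and inside the same container, as syslog-ng.
key_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -r "$1" ]; then
        echo unreadable
    else
        case "$(head -n 2 "$1")" in
            *"BEGIN ENCRYPTED PRIVATE KEY"*) echo encrypted ;;   # PKCS#8 with passphrase
            *"Proc-Type: 4,ENCRYPTED"*)      echo encrypted ;;   # traditional PEM encryption
            *"PRIVATE KEY-----"*)            echo unencrypted ;; # e.g. BEGIN PRIVATE KEY
            *)                               echo unknown ;;
        esac
    fi
}

# Read syslog-ng internal log lines on stdin and name the likely cause of a
# TLS key load failure: permission | passphrase | none.
log_cause() {
    case "$(cat)" in
        *"tls_error='"*"Permission denied"*) echo permission ;;
        *"Waiting for password"*)            echo passphrase ;;
        *)                                   echo none ;;
    esac
}

# The three log lines from the message above.
sample_log() {
    cat <<'EOF'
[2021-03-17T19:56:03.552322] Error setting up TLS session context; tls_error='system library:fopen:Permission denied', location='/etc/syslog-ng/syslog-ng.conf:21:2'
[2021-03-17T19:56:03.552355] Error setting up TLS context; keyfile='/etc/ssl/certs/cert.d/serverkey.pem'
[2021-03-17T19:56:03.552407] Waiting for password; keyfile='/etc/ssl/certs/cert.d/serverkey.pem'
EOF
}

echo "log points to: $(sample_log | log_cause)"
echo "key file is:   $(key_state /etc/ssl/certs/cert.d/serverkey.pem)"
```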