On 03/05/2015 11:50 PM, Laci Mészáros wrote:
Hello,
Have you tried syslog-ng start in forward-mode and verbose (-Fdve)? In that case after the first message you can check the SSL error message during the authentication. It could show you the problem with the certificates.
Br, Laci
Thanks for the reply. I tried forward mode and I got these relevant messages: Syslog connection accepted; fd='10', client='AF_INET(1.2.3.4:37464)', local='AF_INET(0.0.0.0:6514)' Certificate validation failed; subject='emailAddress=address@example.com, CN=sub.example.com, C=US', issuer='CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL', error='unable to get local issuer certificate', depth='0' SSL error while reading stream; tls_error='SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned' I/O error occurred while reading; fd='10', error='Connection reset by peer (104)' Syslog connection closed; fd='10', client='AF_INET(52.10.218.147:37464)', local='AF_INET(0.0.0.0:6514)' I am using ca-bundle.pem from startssl.com and the signed certificate validates on both the client and server using openssl verify.