tss4s003 syslog-ng[9739]: Syslog connection accepted; fd='8', client='AF_INET(10.139.64.126:3766)', local='AF_INET(xx.xx.xx.xx:8514)'
Dec 9 16:24:25 tss4s003 syslog-ng[9739]: Certificate validation failed; subject='OU=Class 3 Public Primary Certification Authority, O=VeriSign\, Inc., C=US', issuer='OU=Class 3 Public Primary Certification Authority, O=VeriSign\, Inc., C=US', error='invalid CA certificate', depth='2'
Dec 9 16:24:25 tss4s003 syslog-ng[9739]: SSL error while reading stream; tls_error='SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned'
Dec 9 16:24:25 tss4s003 syslog-ng[9739]: I/O error occurred while reading; fd='8', error='Connection reset by peer (131)'
Dec 9 16:24:25 tss4s003 syslog-ng[9739]: Syslog connection closed; fd='8', client='AF_INET(10.139.64.126:3766)', local='AF_4:27:03 PM: Chris: INET(xx.xx.xx.xx:8514)'
On Fri, 2009-12-04 at 11:20 -0500, Jimmy McDonald wrote:
I have syslog-ng installed and configured for mutual authentication.
When the client was using a self signed cert it worked. The client now
has a verisign cert.
Imported the CA and an intermediate cert and the public cert so the
chain is complete but the error on authentication says: invalid CA
certificate, depth=2
I have tried putting the pub cert in cert.d with the ca and
intermediate in ca.d. I also tried putting the intermediate in cert.d
I made a hash for the ca and the intermediate.
I'm not really sure what else to try. Any help would be greatly
appreciated.
Can you ensure that "openssl verify" validates your cert in case
syslog-ng doesn't?
--
Bazsi
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html