Hi!

On Thu, 2011-01-06 at 14:51 +0100, Fabien Bagard wrote:
> The CA which was used to sign these certificates is world readable and located in /etc/syslog-ng/certs/CA/
> This setup works: server is getting client's logs, and cyphered on the wire.
> When I replace peer_verify(optional-untrusted) by peer_verify(required-trusted), in order to get mutual authentication, I get this error:

The syslog-ng does not read all files from the CA dir. It searches for CA certificates with the hash value of the subject. So you should rename the CA files (or create a symlink to them) to the mentioned hash value. (And the extension should be .0)

The hash value can be calculated with the command

    openssl x509 -in <filename> -noout -hash

Or you can create the symbolic link(s) with the c_rehash command if it is available (this command is part of openssl).

-- 
SZALAY Attila
Support (L3) Team Leader
e-mail: attila.szalay@balabit.com
BalaBit IT Security
www.balabit.com
H-1115 Bártfai str. 54. Budapest

This Communication is Confidential. We only send and receive email on the basis of the terms set out at http://www.balabit.com/disclaimer/.
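
The renaming step described in the reply, as an added example that is not part of the original thread: a shell function that links every certificate in a CA directory under its subject hash. The function name `link_ca_dir` is hypothetical, and the `.1`, `.2` suffixes for certificates sharing a hash go beyond the `.0` case in the message (they follow what c_rehash does).

```shell
#!/bin/sh
# Added example: create <subject-hash>.N symlinks for each CA certificate in a
# directory, so a lookup by subject hash can find them.
# Assumes the openssl CLI is installed and certificates are *.pem or *.crt.

link_ca_dir() {
    ca_dir=$1
    [ -d "$ca_dir" ] || { echo "not a directory: $ca_dir" >&2; return 1; }
    linked=0
    for cert in "$ca_dir"/*.pem "$ca_dir"/*.crt; do
        [ -f "$cert" ] || continue            # glob matched nothing
        [ -L "$cert" ] && continue            # do not re-link links
        # Files that are not X.509 certificates (private keys, CRLs) are skipped.
        subj_hash=$(openssl x509 -in "$cert" -noout -hash 2>/dev/null) || continue
        [ -n "$subj_hash" ] || continue
        fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
        # Find the first free suffix; stop early if this exact certificate
        # (same SHA-256 fingerprint) is already linked under its hash.
        n=0
        while [ -e "$ca_dir/$subj_hash.$n" ] || [ -L "$ca_dir/$subj_hash.$n" ]; do
            existing=$(openssl x509 -in "$ca_dir/$subj_hash.$n" \
                       -noout -fingerprint -sha256 2>/dev/null) || existing=
            [ "$existing" = "$fp" ] && continue 2
            n=$((n + 1))
        done
        # Relative link target keeps the directory relocatable.
        ln -s "$(basename "$cert")" "$ca_dir/$subj_hash.$n"
        linked=$((linked + 1))
    done
    echo "$linked"                            # number of links created
}
```

Calling `link_ca_dir /etc/syslog-ng/certs/CA` (the directory from the thread) prints how many links were created; running it again prints 0.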