Hi, I'm using syslog-ng OSE with encrypted message transport thanks to TLS for few week. Now I try to activate the mutual authentication option. I have several issues with the TLS mutual authentication logs error : Jun 4 16:01:31 desktop syslog-ng[26644]: SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca' Jun 4 16:01:31 desktop syslog-ng[26644]: I/O error occurred while reading; fd='14', error='Connection reset by peer (104)' Jun 4 16:01:31 desktop syslog-ng[26644]: Syslog connection closed; fd='14', client='AF_INET(10.254.1.172:43751)', local='AF_INET( <http://0.0.0.0:9999> 0.0.0.0:9999) This is samples of config file: Server : source s_net_tls { tcp(port(9999) tls(key_file("/etc/pfc/credentials/Server/server.key") cert_file("/etc/pfc/credentials/Server/server.pem") ca_dir("/etc/pfc/credentials/CA/") # peer_verify(optional-untrusted) peer_verify(required-trusted) ) ); }; Client : destination d_remote_server_tls { tcp("10.254.1.141" port(9999) tls(ca_dir("/etc/pfc/credentials/CA") key_file("/etc/pfc/credentials/Client/client.key") cert_file("/etc/pfc/credentials/Client/client.pem") peer_verify(required-trusted) # peer_verify(optional-untrusted) )); }; here is how I generated my CA certificate, server and client certificate : openssl genrsa 1024 > CA/ca.key openssl req -new -x509 -days 365 -key CA/ca.key -out CA/ca.cert cat CA/ca.cert CA/ca.key > CA/ca.pem openssl genrsa 1024 > Client/client.key openssl req -new -key Client/client.key -out Client/client.csr openssl x509 -req -days 365 -in Client/client.csr -CA CA/ca.cert -CAkey CA/ca.key -set_serial 01 -out Client/client.cert cat Client/client.cert Client/client.key > Client/client.pem openssl genrsa 1024 > Server/server.key openssl req -new -key Server/server.key -out Server/server.csr openssl x509 -req -days 365 -in Server/server.csr -CA CA/ca.cert -CAkey CA/ca.key -set_serial 01 -out Server/server.cert cat Server/server.cert Server/server.key > Server/server.pem Of course I done the link with Openssl x509 -noout -hash -in ca.pem Ln -s ca.pem XXXX If anyone can help me, or give a step by step procedure that works. I also tried the procedure described in the "Syslog-nd admin guide" it doesn't work too. Regards Thomas ------------------- Thomas Hahusseau Apprenti ingénieur EADS - DS / ENST Bretagne