Pramod Pillai <pramodpillaip@gmail.com> writes:
I am getting following error while trying to configure TSL in syslogng
Error On Client Certificate validation failed; subject='C=IN, ST=KAR, O=orola, CN=12.168.50.192, emailAddress=a@d.com', issuer='C=Generic, ST=Generic, O=Generic, CN=Generic_Int_CA_1', error='unable to get local issuer certificate', depth='0' SSL error while writing stream; tls_error='SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' I/O error occurred while writing; fd='4', error='Broken pipe (32)' Syslog connection broken; fd='4', server='AF_INET(10.232.165.128:5695)', time_reopen='60'
Error on Server SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
The problem seems to be - as the log message says -, that syslog-ng find the Certificate Authority to verify the server's certificate. You probably need to copy the CA cert and set the client up appropriately. If you can show a config excerpt, I might be able to help a little more, but the documentation should be enough to set things up properly. The relevant part of the documentation is available at the following URL: http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-v3.2-guide... -- |8]