Hi

These are the config details. I ran truss on server and found that it was looking for some file /data/conf/certifi/<some number>.0 . I didn't understand much.

Server configuration

    source s_LTEMGR_SYSLOG_CLIENTS{
        tcp(ip(10.232.165.128) port(6954)
            tls(key_file("/data/conf/certifi/serverprivkey.pem")
                cert_file("/data/conf/certifi/servercert.pem")
                ca_dir("/data/conf/certifi")
                peer_verify(required-trusted)
            )
        );
    };

Client Configuration

    destination d_SYSLOGNG_SERVER {
        tcp( "10.232.165.128" port()
            tls(key_file("/data/conf/certifi/clikey.pem")
                cert_file("/data/conf/certifi/client.pem")
                ca_dir("/data/conf/certifi/")
                peer_verify(required-trusted)
            )
        );
    };

On Thu, Apr 28, 2011 at 8:42 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Pramod Pillai <pramodpillaip@gmail.com> writes:
I am getting the following error while trying to configure TLS in syslogng

Error On Client

    Certificate validation failed; subject='C=IN, ST=KAR, O=orola, CN=12.168.50.192, emailAddress=a@d.com', issuer='C=Generic, ST=Generic, O=Generic, CN=Generic_Int_CA_1', error='unable to get local issuer certificate', depth='0'
    SSL error while writing stream; tls_error='SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
    I/O error occurred while writing; fd='4', error='Broken pipe (32)'
    Syslog connection broken; fd='4', server='AF_INET(10.232.165.128:5695)', time_reopen='60'

Error on Server

    SSL error while reading stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'

The problem seems to be - as the log message says - that syslog-ng can't find the Certificate Authority to verify the server's certificate.
You probably need to copy the CA cert and set the client up appropriately.
If you can show a config excerpt, I might be able to help a little more, but the documentation should be enough to set things up properly.
The relevant part of the documentation is available at the following URL:
http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-v3.2-guide...
--
|8]
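
Added note, not part of the thread: the `<some number>.0` file that truss showed is how OpenSSL looks up a CA in a directory such as the one given to ca_dir(): by the certificate's subject hash plus a numeric suffix. The sketch below creates that link for a CA certificate already copied into the directory; the function names and the file name `cacert.pem` are assumptions, since the thread does not name the CA file.

```shell
#!/bin/sh
# Added example (not from the thread). Installs the <subject-hash>.<n> link
# that OpenSSL expects for each CA certificate in a ca_dir() directory.

# link_ca_cert CA_DIR CERT_NAME
#   CERT_NAME is a PEM certificate file inside CA_DIR (hypothetical name,
#   e.g. cacert.pem). Prints the link name; returns non-zero on error.
link_ca_cert() {
    ca_dir=$1
    name=$2
    cert="$ca_dir/$name"

    # Fails for anything that is not a PEM certificate, such as a private
    # key kept in the same directory.
    hash=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$cert") || return 1

    # Two different CAs can share a hash, so OpenSSL tries .0, .1, ... in
    # turn. Reuse a link to the same certificate, otherwise take the next
    # free suffix.
    n=0
    while [ -e "$ca_dir/$hash.$n" ] || [ -L "$ca_dir/$hash.$n" ]; do
        old=$(openssl x509 -noout -fingerprint -sha256 \
                  -in "$ca_dir/$hash.$n" 2>/dev/null) || old=
        if [ "$old" = "$fp" ]; then
            echo "$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done

    # Relative link, so the directory can be moved or copied as a whole.
    ln -s "$name" "$ca_dir/$hash.$n" || return 1
    echo "$hash.$n"
}

# chain_ok CA_DIR PEER_CERT
#   Succeeds when PEER_CERT chains to a CA found through the hashed links,
#   the same lookup that peer_verify(required-trusted) depends on.
chain_ok() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Usage (paths from the thread, CA file name assumed):
#   link_ca_cert /data/conf/certifi cacert.pem
#   chain_ok /data/conf/certifi /data/conf/certifi/servercert.pem
```

Each host needs a link for the CA that issued its peer's certificate, and for any CA above that one in the chain.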