Hi Bazsi We are still unable to resolve the issue . I see this error. CN=Generic_Int_CA_1', error='unable to get local issuer certificate', depth='0' SSL error while writing stream; tls_error='SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' I am attaching the config file and the certificates which might be helpful to debug the issue. Regards Pramod On Sun, May 22, 2011 at 4:44 PM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, 2011-05-04 at 18:11 +0530, Pramod Pillai wrote:
Hi
I have not yet resolved the issue -:( Few questions This is the error from the client side error='self signed certificate in certificate chain', depth='2'
Our certificates are not self signed . But why is it showing as self signed in the log.
everything is self-signed at the end. an official CA is a self-signed certificate, they just happen to be trusted for one reason or another.
this probably means that the CA certificate is not trusted by syslog-ng, probably because syslog-ng has to be told which CA you trust.
There's a chapter in the documentation on how to set that up, here:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guid...
Is syslog-ng internally configured as self-signed certificate. If Yes where is it stored. Or how to modify it.
Is it possible to configure the depth ?
IIRC no, there's currently no way to configure that, syslog-ng will just accept any certificate depth.
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html