Hello,

unable to get local issuer certificate -> syslog-ng does not find a matching CA to check the cert.

"openssl verify -CAfile 876f1e28.0 -verbose client.key"

Instead execute:

openssl verify -CApath foocadir -verbose client.pem

// use CApath to see if openssl really finds the CA using the hash, and verify the certificate, not the key.

On Mon, Mar 9, 2015 at 2:36 PM, Michael Starks <syslog-ng-list@michaelstarks.com> wrote:
On 2015-03-05 18:27, Michael Starks wrote:
I am trying to get mutual authentication working between a syslog-ng server and an Rsyslog client, using startssl.com issued certificates. The client does properly authenticate the server, but syslog-ng does not recognize the client as trusted.
Well, after messing with the CA certificates and finally getting the right combo, I got a message that the cert wasn't valid for that particular purpose (client authentication). Further digging led me to the discovery that startssl.com does not offer client auth certs for their free class 1 certificates--a paid upgrade would be required. This project is not worth spending any money on so I'll just create my own CA and do it the old-fashioned way. Thanks for the help.
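The checks discussed in this thread, as an added example that is not part of the original messages: a throwaway CA and two leaf certificates are constructed in a temporary directory, then verified through a hashed CApath with and without the client-authentication purpose. All file names, subject names and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway CA and leaf certs in a temp dir; every name here is made up.
D=$(mktemp -d)

make_ca() {   # self-signed test CA, stored in the directory later used as -CApath
    mkdir -p "$D/cadir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$D/ca.key" -out "$D/cadir/ca.pem" 2>/dev/null
}

hash_link() { # -CApath finds issuers only through <subject-hash>.0 file names
    h=$(openssl x509 -noout -hash -in "$D/cadir/ca.pem") || return 1
    ln -sf ca.pem "$D/cadir/$h.0"
}

issue() {     # issue <name> <extendedKeyUsage>: leaf cert signed by the demo CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null || return 1
    printf 'extendedKeyUsage=%s\n' "$2" > "$D/$1.ext"
    openssl x509 -req -in "$D/$1.csr" -CA "$D/cadir/ca.pem" -CAkey "$D/ca.key" \
        -CAcreateserial -days 1 -extfile "$D/$1.ext" -out "$D/$1.pem" 2>/dev/null
}

check() {     # check <file> [purpose]: exit status 0 only if the chain verifies
    openssl verify -CApath "$D/cadir" ${2:+-purpose "$2"} "$D/$1" >/dev/null 2>&1
}

report() {    # report <label> <file> [purpose]
    if check "$2" "$3"; then echo "$1: OK"; else echo "$1: FAIL"; fi
}

make_ca && issue client clientAuth && issue server serverAuth || exit 1
report "client.pem, CA not hashed yet" client.pem
hash_link
report "client.pem, CA hashed" client.pem
report "client.pem as sslclient" client.pem sslclient
report "server.pem as sslclient" server.pem sslclient
report "client.key (a key, not a cert)" client.key
```

Drop the output redirection in `check` to see the openssl error text for each failing case.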