Hello,

unable to get local issuer certificate -> syslog-ng does not find a matching CA to check the cert.

"openssl verify -CAfile 876f1e28.0 -verbose client.key"

Instead execute:
openssl verify -CApath foocadir -verbose client.pem
// Use CApath to see whether openssl really finds the CA using the hash, and verify the certificate, not the key.

On Mon, Mar 9, 2015 at 2:36 PM, Michael Starks <syslog-ng-list@michaelstarks.com> wrote:
On 2015-03-05 18:27, Michael Starks wrote:
> I am trying to get mutual authentication working between a syslog-ng
> server and an Rsyslog client, using startssl.com issued certificates.
> The client does properly authenticate the server, but syslog-ng does
> not recognize the client as trusted.

Well, after messing with the CA certificates and finally getting the
right combo, I got a message that the cert wasn't valid for that
particular purpose (client authentication). Further digging led me to
the discovery that startssl.com does not offer client auth certs for
their free class 1 certificates--a paid upgrade would be required. This
project is not worth spending any money on so I'll just create my own CA
and do it the old-fashioned way. Thanks for the help.
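
Added example (not part of the original messages): a shell script that reproduces both checks discussed in this thread, the CApath hash lookup and the client-authentication purpose check, against a throwaway CA. All file names, subjects and the temporary directory are constructed for the demo, and openssl 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: file names, subjects and the temp directory are assumptions.
# Assumes openssl 1.1.1 or later on PATH.

make_demo_pki() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cadir" "$d/nohash"
    # Throwaway self-signed CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/cadir/ca.pem" 2>/dev/null || return 1
    # -CApath only finds a CA through a <subject-hash>.0 name (like 876f1e28.0).
    h=$(openssl x509 -in "$d/cadir/ca.pem" -noout -hash) || return 1
    ln -s ca.pem "$d/cadir/$h.0"
    # Same CA file without the hash link: the lookup cannot find it.
    cp "$d/cadir/ca.pem" "$d/nohash/ca.pem"
    # Two leaf certificates that differ only in extendedKeyUsage.
    for eku in clientAuth serverAuth; do
        printf 'extendedKeyUsage=%s\n' "$eku" > "$d/$eku.ext"
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$eku" \
            -keyout "$d/$eku.key" -out "$d/$eku.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$eku.csr" -CA "$d/cadir/ca.pem" \
            -CAkey "$d/ca.key" -CAcreateserial -days 1 \
            -extfile "$d/$eku.ext" -out "$d/$eku.pem" 2>/dev/null || return 1
    done
    echo "$d"
}

# $1 = CApath directory, $2 = certificate (not the key) to check as a TLS client.
verify_client_cert() {
    openssl verify -CApath "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

report() {  # $1 = label, $2 = CApath directory, $3 = certificate
    if verify_client_cert "$2" "$3"; then echo "$1: OK"; else echo "$1: rejected"; fi
}

d=$(make_demo_pki) || exit 1
report "hashed CApath, clientAuth cert" "$d/cadir"  "$d/clientAuth.pem"
report "hashed CApath, serverAuth cert" "$d/cadir"  "$d/serverAuth.pem"
report "no hash link,  clientAuth cert" "$d/nohash" "$d/clientAuth.pem"
rm -rf "$d"
```

Dropping the redirection in `verify_client_cert` shows the underlying openssl error text for the two rejected cases.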