[syslog-ng] Question about verisign certs
isleofdogs at gmail.com
Wed Dec 9 22:30:58 CET 2009
The verify works fine.
The client gives the following error now that things have been
configured to get the verify to return OK:
tss4s003 syslog-ng: Syslog connection accepted; fd='8',
Dec 9 16:24:25 tss4s003 syslog-ng: Certificate validation
failed; subject='OU=Class 3 Public Primary Certification Authority,
O=VeriSign\, Inc., C=US', issuer='OU=Class 3 Public Primary
Certification Authority, O=VeriSign\, Inc., C=US', error='invalid CA
Dec 9 16:24:25 tss4s003 syslog-ng: SSL error while reading
stream; tls_error='SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
Dec 9 16:24:25 tss4s003 syslog-ng: I/O error occurred while
reading; fd='8', error='Connection reset by peer (131)'
Dec 9 16:24:25 tss4s003 syslog-ng: Syslog connection closed;
fd='8', client='AF_INET(10.139.64.126:3766)', local='AF_4:27:03 PM:
Sent from my iPhone... So expect typos.
On Dec 6, 2009, at 10:24 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> On Fri, 2009-12-04 at 11:20 -0500, Jimmy McDonald wrote:
>> I have syslog-ng installed and configured for mutual authentication.
>> When the client was using a self-signed cert it worked. The client
>> has a VeriSign cert.
>> Imported the CA and an intermediate cert and the public cert so the
>> chain is complete but the error on authentication says: invalid CA
>> certificate, depth=2
>> I have tried putting the pub cert in cert.d with the ca and
>> intermediate in ca.d. I also tried putting the intermediate in cert.d.
>> I made a hash for the ca and the intermediate.
>> I'm not really sure what else to try. Any help would be greatly
> Can you ensure that "openssl verify" validates your cert in case
> syslog-ng doesn't?