[syslog-ng] Syslog-ng error while using TLS

Gergely Nagy algernon at balabit.hu
Thu Apr 28 17:12:27 CEST 2011


Pramod Pillai <pramodpillaip at gmail.com> writes:

> I am getting the following error while trying to configure TLS in syslog-ng
>
> Error On Client
> Certificate validation failed; subject='C=IN, ST=KAR, O=orola,
> CN=12.168.50.192, emailAddress=a at d.com', issuer='C=Generic,
> ST=Generic, O=Generic, CN=Generic_Int_CA_1', error='unable to get
> local issuer certificate', depth='0'
> SSL error while writing stream; tls_error='SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
> I/O error occurred while writing; fd='4', error='Broken pipe (32)'
> Syslog connection broken; fd='4',
> server='AF_INET(10.232.165.128:5695)', time_reopen='60'
>
>
> Error on Server
> SSL error while reading stream; tls_error='SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'

The problem seems to be, as the log message says, that syslog-ng can't find
the Certificate Authority to verify the server's certificate.

You probably need to copy the CA cert and set the client up
appropriately.

If you can show a config excerpt, I might be able to help a little more,
but the documentation should be enough to set things up properly.

The relevant part of the documentation is available at the following
URL:

http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-v3.2-guide-admin-en.html/chunk-filename-error-procedure08.html

-- 
|8]
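
Added example (not part of the original message and not syslog-ng project code): OpenSSL reports "unable to get local issuer certificate" at depth 0 when the issuer of the peer's certificate is missing from the trusted CA directory, which for a syslog-ng client is the directory named in the `ca_dir()` TLS option, with each CA stored under a `<subject-hash>.0` name. The script builds a constructed root, intermediate and server certificate (all names are made up; the intermediate is an assumption suggested by the issuer name in the quoted log) and shows verification failing with only the root installed and passing once the intermediate is added.

```shell
#!/bin/sh
# Added example with constructed certificates; assumes OpenSSL 1.1.0 or later.
set -eu

# Build root CA -> intermediate CA -> server certificate in directory $1.
make_demo_chain() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' \
        'CN=placeholder' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/o.cnf"
    openssl req -x509 -config "$d/o.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -subj '/CN=Constructed_Root_CA' -days 2 \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in int server; do
        openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/o.cnf" -extensions v3_ca -days 2 \
        -out "$d/int.pem" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
}

# Copy CA certificate $2 into CA directory $1 under the <subject-hash>.0 name
# that OpenSSL's directory lookup expects (use .1, .2 ... on a hash collision).
install_ca() {
    mkdir -p "$1"
    cp "$2" "$1/$(openssl x509 -noout -hash -in "$2").0"
}

# Print "ok" if certificate $2 verifies against CA directory $1, otherwise
# the OpenSSL verification error line.
chain_status() {
    if out=$(openssl verify -CApath "$1" "$2" 2>&1); then
        echo ok
    else
        echo "$out" | grep 'depth lookup' || echo "$out"
    fi
}

work=$(mktemp -d)
make_demo_chain "$work"
install_ca "$work/ca.d" "$work/root.pem"
before=$(chain_status "$work/ca.d" "$work/server.pem")  # intermediate missing
install_ca "$work/ca.d" "$work/int.pem"
after=$(chain_status "$work/ca.d" "$work/server.pem")   # full chain present
echo "root only:           $before"
echo "root + intermediate: $after"
```

Running `chain_status` against the real CA directory and the server's certificate file checks the client's trust setup before syslog-ng is restarted.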

