[syslog-ng] Authentication problem
SZALAY Attila
sasa at balabit.hu
Thu Jan 6 15:05:49 CET 2011
Hi!
On Thu, 2011-01-06 at 14:51 +0100, Fabien Bagard wrote:
>
> The CA which was used to sign these certificates is world readable and
> located in /etc/syslog-ng/certs/CA/
>
> This setup works: server is getting client's logs, and ciphered on
> the wire.
>
> When I replace peer_verify(optional-untrusted) by
> peer_verify(required-trusted), in order to get mutual authentication,
> I get this error :
syslog-ng does not read all files from the CA dir. It searches for CA
certificates with the hash value of the subject. So you should rename
the CA files (or create a symlink to them) to the mentioned hash value.
(And the extension should be .0)
The hash value can be calculated with the
    openssl x509 -in <filename> -noout -hash
command.
Or you can create the symbolic link(s) with the c_rehash command if it
is available (this command is part of openssl).
--
SZALAY Attila
Support (L3) Team Leader
e-mail: attila.szalay at balabit.com
BalaBit IT Security
www.balabit.com
H-1115 Bártfai str. 54. Budapest
This Communication is Confidential. We only send and receive email on
the basis of the terms set out at http://www.balabit.com/disclaimer/.
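
The renaming step described in the reply above, as an added example that is not part of the original post or of syslog-ng: a small stand-in for c_rehash that creates the `<hash>.0` symlinks for every certificate in a CA directory. The function name `link_ca_certs` is hypothetical; it goes slightly beyond the post by using `.1`, `.2`, ... when two CA certificates share a subject hash, which is how OpenSSL resolves such collisions.

```shell
#!/bin/sh
# Added example (not from the original post): create <subject-hash>.N symlinks
# so that a hash-based CA directory lookup can find each CA certificate.
# Usage: sh link_ca_certs.sh /etc/syslog-ng/certs/CA

link_ca_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for f in "$dir"/*; do
        # Only regular files; skip hash links left by an earlier run.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # The command from the post. It fails on keys, CRLs and other
        # non-certificate files, which are skipped.
        subj_hash=$(openssl x509 -in "$f" -noout -hash 2>/dev/null) || continue
        [ -n "$subj_hash" ] || continue
        name=$(basename "$f")
        n=0
        already=0
        # Find the first free suffix; stop if this file is already linked.
        while [ -e "$dir/$subj_hash.$n" ] || [ -L "$dir/$subj_hash.$n" ]; do
            if [ "$(readlink "$dir/$subj_hash.$n")" = "$name" ]; then
                already=1
                break
            fi
            n=$((n + 1))
        done
        if [ "$already" -eq 1 ]; then
            continue
        fi
        # Relative link target, so the directory can be moved as a whole.
        ln -s "$name" "$dir/$subj_hash.$n"
        echo "$subj_hash.$n -> $name"
    done
    return 0
}

if [ "$#" -gt 0 ]; then
    link_ca_certs "$1"
fi
```

Afterwards, `openssl verify -CApath <ca-dir> <client-cert>` checks that the chain resolves through the hashed directory before syslog-ng is switched to peer_verify(required-trusted).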