[syslog-ng] Syslog-ng error while using TSL

Sandor Geller Sandor.Geller at morganstanley.com
Mon May 2 17:15:11 CEST 2011


That is the hash. 'openssl x509 -hash -noout -in <certfile>' will tell
you what the number should be for a given certificate. Just symlink it
as <number>.0, or when there is already a .0-suffixed link (hash
collisions could occur), then just increase the suffix to .1 and so
on...

This hash is used for looking up the certificate of the issuer without
reading all files.

On Mon, May 2, 2011 at 4:43 PM, Pramod Pillai <pramodpillaip at gmail.com> wrote:
> Hi
> These are the config details.
> I ran truss on server and found that it was looking for some file
> /data/conf/certifi/<some number>.0 . I didn't understand much
>
> Server configuration
> source s_LTEMGR_SYSLOG_CLIENTS{ tcp(ip(10.232.165.128) port(6954)
>
>            tls(key_file("/data/conf/certifi/serverprivkey.pem")
>                cert_file("/data/conf/certifi/servercert.pem")
>                ca_dir("/data/conf/certifi")
>                peer_verify(required-trusted)
>            )
>        );
> };
>
>
> Client Configuration
> destination d_SYSLOGNG_SERVER { tcp( "10.232.165.128" port()
>            tls(key_file("/data/conf/certifi/clikey.pem")
>                cert_file("/data/conf/certifi/client.pem")
>                ca_dir("/data/conf/certifi/")
>                peer_verify(required-trusted)
>            )
>     );
> };
>
>
> On Thu, Apr 28, 2011 at 8:42 PM, Gergely Nagy <algernon at balabit.hu> wrote:
>> Pramod Pillai <pramodpillaip at gmail.com> writes:
>>
>>> I am getting following error while trying to configure TSL in syslogng
>>>
>>> Error On Client
>>> Certificate validation failed; subject='C=IN, ST=KAR, O=orola,
>>> CN=12.168.50.192, emailAddress=a at d.com', issuer='C=Generic,
>>> ST=Generic, O=Generic, CN=Generic_Int_CA_1', error='unable to get
>>> local issuer certificate', depth='0'
>>> SSL error while writing stream; tls_error='SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
>>> I/O error occurred while writing; fd='4', error='Broken pipe (32)'
>>> Syslog connection broken; fd='4',
>>> server='AF_INET(10.232.165.128:5695)', time_reopen='60'
>>>
>>>
>>> Error on Server
>>> SSL error while reading stream; tls_error='SSL
>>> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
>>
>> The problem seems to be, as the log message says, that syslog-ng cannot find
>> the Certificate Authority to verify the server's certificate.
>>
>> You probably need to copy the CA cert and set the client up
>> appropriately.
>>
>> If you can show a config excerpt, I might be able to help a little more,
>> but the documentation should be enough to set things up properly.
>>
>> The relevant part of the documentation is available at the following
>> URL:
>>
>> http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-v3.2-guide-admin-en.html/chunk-filename-error-procedure08.html
>>
>> --
>> |8]
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
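The hash-directory layout Sandor describes, written out as an added example (not code from the thread or from syslog-ng): the link-naming logic handles the hash-collision case by bumping the suffix, and it assumes POSIX sh with readlink and openssl available and CA certificates ending in .pem.

```shell
#!/bin/sh
# Populate a syslog-ng ca_dir() directory the way OpenSSL expects:
# every CA certificate gets a symlink named <subject-hash>.<n>, where
# <n> starts at 0 and is bumped only when a different certificate with
# the same hash already occupies that name (hash collision).
# Assumptions (not from the thread): POSIX sh, readlink(1) and openssl(1)
# in PATH, and CA certificates stored as *.pem in the directory.

# link_cert_hash DIR CERTFILE HASH
# Creates DIR/HASH.<n> -> CERTFILE for the lowest free n and prints the
# link name. Idempotent: an existing link for this cert is reused.
link_cert_hash() {
    dir=$1; cert=$2; hash=$3; n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        # Name already points at this very certificate: nothing to do.
        if [ "$(readlink "$dir/$hash.$n")" = "$(basename "$cert")" ]; then
            printf '%s\n' "$hash.$n"
            return 0
        fi
        n=$((n + 1))   # occupied by another cert: try the next suffix
    done
    ln -s "$(basename "$cert")" "$dir/$hash.$n" || return 1
    printf '%s\n' "$hash.$n"
}

# cert_subject_hash CERTFILE: the number 'openssl x509 -hash' prints.
cert_subject_hash() {
    openssl x509 -hash -noout -in "$1"
}

# rehash_ca_dir DIR: link every *.pem in DIR under its subject hash.
rehash_ca_dir() {
    cadir=$1
    for pem in "$cadir"/*.pem; do
        [ -f "$pem" ] || continue
        h=$(cert_subject_hash "$pem") || return 1
        link_cert_hash "$cadir" "$pem" "$h"
    done
}
```

Note that the hash algorithm changed in OpenSSL 1.0.0, so run the rehash with the same OpenSSL that syslog-ng is linked against; `openssl verify -CApath <dir> <cert>` then confirms the issuer lookup succeeds.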