[syslog-ng] Syslog-ng error while using TSL

Pramod Pillai pramodpillaip at gmail.com
Thu May 26 18:55:41 CEST 2011


Hi Bazsi

We are still unable to resolve the issue .
I see this error.
 CN=Generic_Int_CA_1', error='unable to get local issuer certificate', depth='0'
SSL error while writing stream; tls_error='SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'

I am attaching the config file and the certificates which might be
helpful to debug the issue.

Regards
Pramod

On Sun, May 22, 2011 at 4:44 PM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> On Wed, 2011-05-04 at 18:11 +0530, Pramod Pillai wrote:
>> Hi
>>
>> I have not yet resolved the issue -:(
>> Few questions
>> This is the error from the client side
>> error='self signed certificate in certificate chain', depth='2'
>>
>> Our certificates are not self signed . But why is it showing as self
>> signed in the log.
>
> everything is self-signed at the end. an official CA is a self-signed
> certificate, they just happen to be trusted for one reason or another.
>
> this probably means that the CA certificate is not trusted by syslog-ng,
> probably because syslog-ng has to be told which CA you trust.
>
> There's a chapter in the documentation on how to set that up, here:
>
> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/chapter-encrypted-transport-tls.html
>
>> Is  syslog-ng  internally configured as self-signed certificate.  If
>> Yes where is it stored. Or how to modify it.
>>
>> Is it possible to configure the depth ?
>
> IIRC no, there's currently no way to configure that, syslog-ng will just
> accept any certificate depth.
>
> --
> Bazsi
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog_files.zip
Type: application/zip
Size: 3945 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110526/d24913da/attachment.zip 


More information about the syslog-ng mailing list