[syslog-ng] Mutual Authentication and Encryption With Rsyslog
Laci Mészáros
lacienator at gmail.com
Mon Mar 9 08:54:38 CET 2015
Hy Michae,
Sorry for the late answer. I try to reproduce the case and inform you about
the result
Br,
Laci
2015.03.08. 2:53 ezt írta ("Michael Starks" <
syslog-ng-list at michaelstarks.com>):
> On 03/05/2015 11:50 PM, Laci Mészáros wrote:
> > Hello,
> >
> > Have you tried syslog-ng start in forward-mode and verbose (-Fdve)? In
> > that case after the first message you can check the SSL error message
> > during the authentication. It could show you the problem with the
> > certificates.
> >
> > Br,
> > Laci
>
> Thanks for the reply. I tried forward mode and I got these relevant
> messages:
>
> Syslog connection accepted; fd='10', client='AF_INET(1.2.3.4:37464)',
> local='AF_INET(0.0.0.0:6514)'
> Certificate validation failed;
> subject='emailAddress=address at example.com, CN=sub.example.com, C=US',
> issuer='CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure
> Digital Certificate Signing, O=StartCom Ltd., C=IL', error='unable to
> get local issuer certificate', depth='0'
> SSL error while reading stream; tls_error='SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned'
> I/O error occurred while reading; fd='10', error='Connection reset by
> peer (104)'
> Syslog connection closed; fd='10',
> client='AF_INET(52.10.218.147:37464)', local='AF_INET(0.0.0.0:6514)'
>
> I am using ca-bundle.pem from startssl.com and the signed certificate
> validates on both the client and server using openssl verify.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150309/98898989/attachment.htm
More information about the syslog-ng
mailing list