[syslog-ng] Mutual Authentication and Encryption With Rsyslog

Pallagi, Zoltán zoltan.pallagi at balabit.com
Mon Mar 9 14:48:38 CET 2015


Hello,

unable to get local issuer certificate -> syslog-ng does not find a
matching CA to check the cert.

"openssl verify -CAfile 876f1e28.0 -verbose client.key"

Instead execute:
openssl verify -CApath foocadir -verbose client.pem
//use CApath to see if openssl really finds the ca using the hash, and
verify the certificate not the key.

On Mon, Mar 9, 2015 at 2:36 PM, Michael Starks <
syslog-ng-list at michaelstarks.com> wrote:

> On 2015-03-05 18:27, Michael Starks wrote:
> > I am trying to get mutual authentication working between a syslog-ng
> > server and an Rsyslog client, using startssl.com issued certificates.
> > The client does properly authenticate the server, but syslog-ng does
> > not
> > recognize the client as trusted.
>
> Well, after messing with the CA certificates and finally getting the
> right combo, I got a message that the cert wasn't valid for that
> particular purpose (client authentication). Further digging led me to
> the discovery that startssl.com does not offer client auth certs for
> their free class 1 certificates--a paid upgrade would be required. This
> project is not worth spending any money on so I'll just create my own CA
> and do it the old-fashioned way. Thanks for the help.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150309/c909e851/attachment.htm 


More information about the syslog-ng mailing list