[syslog-ng] Syslog-ng mutual self cert authentication

Ivan Adji - Krstev akivanradix at gmail.com
Tue Jan 12 12:08:23 CET 2016


Hi all,
I'm trying to make mutual self cert authentication with Syslog-NG and
using LogAnalyzer to see the logs.
I have done the following:

Server configuration:
Creating a CA
Make a directory, put the openssl.cnf file in the directory, etc., and
run the following commands:
1. openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem
-days 365 -config openssl.cnf
2. openssl req -nodes -new -x509 -keyout serverkey.pem -out
serverreq.pem -days 365 -config openssl.cnf
3. openssl x509 -x509toreq -in serverreq.pem -signkey serverkey.pem -out
tmp.pem
4. openssl ca -config openssl.cnf -policy policy_anything -out
servercert.pem -infiles tmp.pem
5. In /etc/syslog-ng/ create the directories cert.d and ca.d, copy
serverkey.pem and servercert.pem to cert.d and copy cacert.pem to ca.d.
Go to ca.d and issue the following command "openssl x509 -noout -hash
-in cacert.pem" and make the link "ln -s cacert.pem 6d2962a8.0".
6. In the syslog-ng.conf file I put the following changes:
***************************************
source s_sys {
    system();
    internal();
    file("/proc/kmsg" log_prefix("kernel: "));
    network(
        port(6514)
        transport("tls")
        tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
             ca_dir("/etc/syslog-ng/ca.d") )
    );
};
********************************************
And restart the service.

==================
Client configuration:
Creating a CA
Make a directory, put the openssl.cnf file in the directory, etc., and
run the following commands:
1. openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem
-days 365 -config openssl.cnf
2. openssl req -nodes -new -x509 -keyout clientkey.pem -out
clientreq.pem -days 365 -config openssl.cnf
3. openssl x509 -x509toreq -in clientreq.pem -signkey clientkey.pem -out
tmp.pem
4. openssl ca -config openssl.cnf -policy policy_anything -out
clientcert.pem -infiles tmp.pem
5. In /etc/syslog-ng/ create the directories cert.d and ca.d, copy
clientkey.pem and clientcert.pem to cert.d and copy cacert.pem to ca.d,
then issue the following commands in the ca.d directory: "openssl x509
-noout -hash -in cacert.pem" and "ln -s cacert.pem 6d2962a8.0".
6. Add the following to the syslog-ng.conf file:
******************************************************
destination d_tcp {
    tcp("192.168.111.176" port(6514)
        tls( ca_dir("/etc/syslog-ng/ca.d")
             key_file("/etc/syslog-ng/cert.d/clientkey.pem")
             cert_file("/etc/syslog-ng/cert.d/clientcert.pem") )
    );
};
***************************************************************

And finally I have the following errors :)
Jan 12 11:58:02 syslogserver syslog-ng[5507]: Syslog connection
accepted; fd='16', client='AF_INET(192.168.111.104:45631)',
local='AF_INET(0.0.0.0:6514)'
Jan 12 11:58:02 syslogserver syslog-ng[5507]: SSL error while reading
stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
Jan 12 11:58:02 syslogserver syslog-ng[5507]: I/O error occurred while
reading; fd='16', error='Connection reset by peer (104)'
Jan 12 11:58:02 syslogserver syslog-ng[5507]: Syslog connection closed;
fd='16', client='AF_INET(192.168.111.104:45631)',
local='AF_INET(0.0.0.0:6514)'
Jan 12 11:58:12 syslogserver syslog-ng[5507]: Syslog connection
accepted; fd='16', client='AF_INET(192.168.111.104:58937)',
local='AF_INET(0.0.0.0:6514)'
Jan 12 11:58:12 syslogserver syslog-ng[5507]: SSL error while reading
stream; tls_error='SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
Jan 12 11:58:12 syslogserver syslog-ng[5507]: I/O error occurred while
reading; fd='16', error='Connection reset by peer (104)'
Jan 12 11:58:12 syslogserver syslog-ng[5507]: Syslog connection closed;
fd='16', client='AF_INET(192.168.111.104:58937)',
local='AF_INET(0.0.0.0:6514)'

Can someone help me with this and tell me what I'm doing wrong?

Thanks in advance!
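An added, runnable illustration (not from the original post or from syslog-ng) of what the steps above produce: each side creates its own CA, so a certificate issued by one CA is checked against a ca.d that holds a different CA. The script builds both CAs, issues a client certificate from the client CA, builds ca.d directories with the hash link computed instead of hardcoded, and verifies the certificate against each. File names and CNs are assumptions; it needs the openssl binary.

```shell
#!/bin/sh
# Added example (not from the original post): build two independent CAs,
# the way the server and client steps above each do, and check whether a
# leaf certificate chains to the CA directory the other side trusts.
# All file names and CNs are assumptions for the demo.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl is required" >&2; exit 0; }
WORK="${WORK:-$(mktemp -d)}"

# Self-signed CA: $1 = prefix, $2 = CN
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
    -keyout "$WORK/$1-cakey.pem" -out "$WORK/$1-cacert.pem" 2>/dev/null
}

# Leaf cert issued by a CA: $1 = CA prefix, $2 = leaf prefix, $3 = CN
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2-key.pem" -out "$WORK/$2-req.pem" 2>/dev/null
  openssl x509 -req -in "$WORK/$2-req.pem" -CA "$WORK/$1-cacert.pem" \
    -CAkey "$WORK/$1-cakey.pem" -CAcreateserial -days 365 \
    -out "$WORK/$2-cert.pem" 2>/dev/null
}

# A ca.d laid out as syslog-ng's ca_dir() expects: the CA cert plus a
# <subject-hash>.0 symlink, with the hash computed rather than hardcoded.
make_ca_dir() {   # $1 = CA prefix, $2 = directory
  mkdir -p "$2" && cp "$WORK/$1-cacert.pem" "$2/cacert.pem"
  ln -sf cacert.pem "$2/$(openssl x509 -noout -hash -in "$2/cacert.pem").0"
}

# Prints "ok" if the leaf verifies using only that ca.d, otherwise "fail".
verify_against_dir() {   # $1 = leaf prefix, $2 = ca.d directory
  if openssl verify -no-CAfile -no-CApath -CApath "$2" \
       "$WORK/$1-cert.pem" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Number of hash links in a ca.d; 0 means ca_dir() will trust nothing.
count_hash_links() { find "$1" -name '*.0' | wc -l | tr -d ' '; }

make_ca server "Server CA"
make_ca client "Client CA"
make_leaf client clientleaf "syslog client"
make_ca_dir server "$WORK/server-ca.d"   # what the server's ca_dir() holds
make_ca_dir client "$WORK/client-ca.d"   # what the client's ca_dir() holds

# Two separate CAs: the client cert verifies only against its own issuer.
echo "client cert vs server ca.d: $(verify_against_dir clientleaf "$WORK/server-ca.d")"
echo "client cert vs client ca.d: $(verify_against_dir clientleaf "$WORK/client-ca.d")"
```

The same verify command, pointed at the real /etc/syslog-ng/ca.d on each host and at the peer's certificate, shows whether a connection will be accepted before syslog-ng is restarted.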
