[syslog-ng] Syslog-ng mutual self cert authentication
PÁSZTOR György
pasztor at linux.gyakg.u-szeged.hu
Fri Jan 15 17:15:51 CET 2016
Hi,
"Ivan Adji - Krstev" <akivanradix at gmail.com> írta 2016-01-15 15:06-kor:
> Can someone give me the right way to do this as i following this
> tuttorial and still have errors:
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-ca.html
This guide seems pretty good.
What errors do you have?
This guide assumes, you have a "pki" machine. One machine, where you
generates all the certificates, keys, and do any pki-related thing.
As it is usual.
Then it is consequent with the filenames, so when it shows the server
side's config, and you see a "cacert.pem", it comes from this pki
environment. The same cacert.pem should be applied to the client side.
Step #1:
Does your server start?
Step #2:
Does your client starts?
If it is only a test system, and the keys are not "real secret" yet,
and still have problems, I suggest to use the contrib/syslog-debun
to collect the config and other environment related things from your
client and server side, and send those to me.
I do not know, if .tar.gz attachments are allowed on the mailing list.
But I would gladly check them.
If the server is able to start, then please run the debug bundle collector
with these parameters:
contrib/syslog-debun -d
It will stop the syslog-ng as a system service, and start in foregrund
debug mode, until you press enter. Then it will stop the debug mode
service, and start again the "system service".
Until the server runs in debug mode, please try the same on the client
side.
The most important part of the whole debugging, that I would like to
see the syslog-ng's debug messages and see what happens from the
syslog-ng's point of view.
Cheers,
Gyu
More information about the syslog-ng
mailing list