[syslog-ng] Syslog-ng mutual self cert authentication

Ivan Adji - Krstev akivanradix at gmail.com
Sat Jan 16 02:00:08 CET 2016


Hi Pasztor,
The problem here is that I don't get the right procedure with the cert.
I get the private and public key and all the other stuff, but I can't get the
point in this scenario: what is the certificate, what is the private and
public.
So I have "cakey.pem" which is private and "cacert.pem", then
I have "serverkey.pem" and "serverrreq.pem" which is also
private, and then "servercert.pem". So to be honest I really don't
get the right point here: which is the CA, which is the public cert, and what needs
to be signed from where? And with all these files I'm not sure which to use
where, as all this gets confusing to me as I read the commands and see that
nothing is connected from the tutorial.

Kind regards
Ivan


On 01/15/2016 05:15 PM, PÁSZTOR György wrote:
> Hi,
>
> "Ivan Adji - Krstev" <akivanradix at gmail.com> wrote on 2016-01-15 at 15:06:
>> Can someone give me the right way to do this, as I am following this
>> tutorial and still have errors:
>> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-ca.html
> This guide seems pretty good.
> What errors do you have?
> This guide assumes you have a "pki" machine. One machine, where you
> generate all the certificates, keys, and do any pki-related thing.
> As it is usual.
> Then it is consequent with the filenames, so when it shows the server
> side's config, and you see a "cacert.pem", it comes from this pki
> environment. The same cacert.pem should be applied to the client side.
>
> Step #1:
> Does your server start?
> Step #2:
> Does your client start?
>
> If it is only a test system, and the keys are not "real secret" yet,
> and still have problems, I suggest to use the contrib/syslog-debun
> to collect the config and other environment related things from your
> client and server side, and send those to me.
> I do not know, if .tar.gz attachments are allowed on the mailing list.
> But I would gladly check them.
>
> If the server is able to start, then please run the debug bundle collector
> with these parameters:
> contrib/syslog-debun -d
> It will stop the syslog-ng as a system service, and start in foreground
> debug mode, until you press enter. Then it will stop the debug mode
> service, and start again the "system service".
>
> Until the server runs in debug mode, please try the same on the client
> side.
> The most important part of the whole debugging, that I would like to
> see the syslog-ng's debug messages and see what happens from the
> syslog-ng's point of view.
>
> Cheers,
> Gyu
>
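
The file roles asked about in this thread, as an added example that is not part of the original messages or the linked tutorial: it builds a throwaway CA and one server certificate with the `openssl` command line, then checks which file signed which and which key belongs to which certificate. The subject names, RSA-2048, the 365-day validity, the temporary directory and the request file name `serverreq.pem` are assumptions.

```shell
#!/bin/sh
# Added example: which PEM file plays which role. Subject names, key size,
# validity and the work directory are constructed for illustration.

make_pki() {  # usage: make_pki DIR
    dir=$1
    # 1. CA (on the PKI machine): cakey.pem is the CA's PRIVATE key and never
    #    leaves it; cacert.pem is the CA's self-signed PUBLIC certificate and
    #    is the file copied to both the server and the client.
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null || return 1
    # 2. Server: serverkey.pem is the server's PRIVATE key; serverreq.pem is
    #    only a signing request (public key + name) and holds no secret.
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=logserver.example.test" \
        -keyout "$dir/serverkey.pem" -out "$dir/serverreq.pem" 2>/dev/null || return 1
    # 3. The CA signs the request with cakey.pem; the result, servercert.pem,
    #    is the server's PUBLIC certificate.
    openssl x509 -req -in "$dir/serverreq.pem" -days 365 \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/servercert.pem" 2>/dev/null || return 1
    chmod 600 "$dir/cakey.pem" "$dir/serverkey.pem"
}

# Succeeds only if CERT chains to the CA certificate.
signed_by_ca() {  # usage: signed_by_ca CACERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

work=$(mktemp -d)
if make_pki "$work"; then
    signed_by_ca "$work/cacert.pem" "$work/servercert.pem" \
        && echo "servercert.pem was issued by cacert.pem"
    key_matches_cert "$work/serverkey.pem" "$work/servercert.pem" \
        && echo "serverkey.pem belongs to servercert.pem"
fi
rm -rf "$work"
```

For mutual authentication the client's key and certificate are produced by repeating steps 2 and 3 with a client subject name, signed by the same CA.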
