[syslog-ng] error='self signed certificate in certificate chain'
Girish Kumar
girish.kumar at al-enterprise.com
Fri Mar 11 14:28:45 CET 2016
Hi All,
I am getting following error while starting syslog-ng with tls option. Could you please help me on this
Mar 12 18:14:24 (none) syslog-ng[6136]: Syslog connection established; fd='5', server='AF_INET(10.135.83.103:6514)', local='AF_INET(0.0.0.0:0)'
Mar 12 18:14:24 (none) syslog-ng[6136]: Certificate validation failed; subject='emailAddress=giri at gmail.com, CN=girish kumar, OU=esd, O=enterprise, L=BAN, ST=KA, C=IN', issuer='emailAddress=giri at gmail.com, CN=girish kumar, OU=esd, O=enterprise, L=BAN, ST=KA, C=IN', error='self signed certificate in certificate chain', depth='1'
Mar 12 18:14:24 (none) syslog-ng[6136]: SSL error while writing stream; tls_error='SSL routines:ssl3_get_server_certificate:certificate verify failed'
Mar 12 18:14:24 (none) syslog-ng[6136]: I/O error occurred while writing; fd='5', error='Broken pipe (32)'
Mar 12 18:14:24 (none) syslog-ng[6136]: Syslog connection broken; fd='5', server='AF_INET(10.135.83.103:6514)', time_reopen='60'
//server conf
source d_source {
#syslog(ip("mysyslog.server.com") port(6514)
syslog(ip("10.135.83.103") port(6514)
transport("tls")
tls( key_file("/etc/cert.d/mySerPrivate.key")
cert_file("/etc/cert.d/mySerCert.pem")
ca_dir("/etc/ca.d")
ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
)
);
};
//Client conf
destination d_destination {
#syslog("mysyslog.server.com" port(6514)
syslog("10.135.83.103" port(6514)
transport("tls")
tls( ca_dir("/etc/ca.d")
key_file("/etc/cert.d/myCliPrivate.key")
cert_file("/etc/cert.d/myCliCert.pem")
ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
)
);
};
Regard,
Girish
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160311/2fa97136/attachment.htm
More information about the syslog-ng
mailing list