[syslog-ng] error='self signed certificate in certificate chain'

Fekete, Róbert robert.fekete at balabit.com
Fri Mar 11 14:34:45 CET 2016


Hi,

Try setting the peer-verify option to required-untrusted
(https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html#tls-options-peer-verify).

HTH,
Robert

On Fri, Mar 11, 2016 at 2:28 PM, Girish Kumar <girish.kumar at al-enterprise.com> wrote:

> Hi All,
>
> I am getting the following error while starting syslog-ng with the tls option.
> Could you please help me with this?
>
> Mar 12 18:14:24 (none) syslog-ng[6136]: Syslog connection established;
> fd='5', server='AF_INET(10.135.83.103:6514)', local='AF_INET(0.0.0.0:0)'
>
> Mar 12 18:14:24 (none) syslog-ng[6136]: Certificate validation failed;
> subject='emailAddress=giri at gmail.com, CN=girish kumar,
> OU=esd, O=enterprise, L=BAN, ST=KA, C=IN',
> issuer='emailAddress=giri at gmail.com, CN=girish kumar,
> OU=esd, O=enterprise, L=BAN, ST=KA, C=IN', error='self signed certificate
> in certificate chain', depth='1'
>
> Mar 12 18:14:24 (none) syslog-ng[6136]: SSL error while writing stream;
> tls_error='SSL routines:ssl3_get_server_certificate:certificate verify
> failed'
>
> Mar 12 18:14:24 (none) syslog-ng[6136]: I/O error occurred while writing;
> fd='5', error='Broken pipe (32)'
>
> Mar 12 18:14:24 (none) syslog-ng[6136]: Syslog connection broken; fd='5',
> server='AF_INET(10.135.83.103:6514)', time_reopen='60'
>
> //server conf
>
> source d_source {
>     #syslog(ip("mysyslog.server.com") port(6514)
>     syslog(ip("10.135.83.103") port(6514)
>         transport("tls")
>         tls(
>             key_file("/etc/cert.d/mySerPrivate.key")
>             cert_file("/etc/cert.d/mySerCert.pem")
>             ca_dir("/etc/ca.d")
>             ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
>         )
>     );
> };
>
> //Client conf
>
> destination d_destination {
>     #syslog("mysyslog.server.com" port(6514)
>     syslog("10.135.83.103" port(6514)
>         transport("tls")
>         tls(
>             ca_dir("/etc/ca.d")
>             key_file("/etc/cert.d/myCliPrivate.key")
>             cert_file("/etc/cert.d/myCliCert.pem")
>             ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
>         )
>     );
> };
>
>
>
> Regards,
>
> Girish
>
>
>
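
Added example, not part of the original messages: `peer-verify(required-untrusted)` clears the error by accepting the server certificate even though it fails validation, whereas the depth='1' certificate in the log (identical subject and issuer) is a self-signed CA that the connecting side could not find in its `ca_dir`. The script below keeps verification on instead: it installs that CA under the subject-hash file name OpenSSL looks up in a CA directory, then checks a peer certificate against the directory. The function names, the usage line and all paths are assumptions; the thread does not show how /etc/ca.d was populated.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical, not from the thread.

# is_self_signed CERT: true when subject and issuer hashes match, as for the
# depth='1' certificate in the quoted log (a root CA).
is_self_signed() {
    s=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    i=$(openssl x509 -noout -issuer_hash -in "$1") || return 1
    [ "$s" = "$i" ]
}

# install_ca CA_PEM CA_DIR: place the CA in CA_DIR and create the
# <subject-hash>.0 symlink OpenSSL uses to look it up. Prints the hash.
# Assumes no other CA with the same hash already occupies the .0 slot.
install_ca() {
    name=$(basename "$1")
    hash=$(openssl x509 -noout -hash -in "$1") || return 1
    mkdir -p "$2" || return 1
    [ -f "$2/$name" ] || cp "$1" "$2/$name" || return 1
    ln -sf "$name" "$2/$hash.0" || return 1
    printf '%s\n' "$hash"
}

# chain_trusted CA_DIR CERT: true only if CERT verifies against CA_DIR.
chain_trusted() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Usage: sh install-ca.sh CA_PEM CA_DIR PEER_CERT
if [ "$#" -eq 3 ]; then
    if ! is_self_signed "$1"; then
        echo "warning: $1 is not self-signed; its issuing root must be in $2 too" >&2
    fi
    install_ca "$1" "$2" >/dev/null || exit 1
    if chain_trusted "$2" "$3"; then
        echo "OK: $3 chains to a CA in $2"
    else
        echo "FAIL: $3 does not chain to a CA in $2" >&2
        exit 1
    fi
fi
```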