Hi there,
We've issued a TLS certificate from our internal standalone PKI and
configured it and the corresponding certificate chain to use syslog-TLS
with rsyslog.
Everything works fine so far. We are receiving TLS-encrypted syslog from
devices which are capable of sending via encrypted syslog.
Now we have a new requirement.
We have a certain client device we want to connect to our rsyslog but
this device has a certificate from a public PKI. We cannot change the
certificate on the client side because the certificate there is needed
for other purposes.
We have to adapt on the receiver side.
I've tried to put all certificates in the same CA file for
"DefaultNetstreamDriverCAFile" but rsyslog seems to pick just one of
them to present to the client.
I keep getting the error "not permitted to talk to peer, certificate
invalid: signer not found" in the rsyslog log.
Is it even possible to have multiple certificate chains or is just one
chain supported?
Kind regards
R. Moeller