Yep, I get that. Using TCP 6514 as encrypted and TCP 514 as unencrypted.

I would like to configure it so it doesn't require a client cert. I am more interested that the channel is encrypted between client and server. Not worried about mutual auth etc.

Thanks,
Andrew

________________________________
From: David Lang <da...@lang.hm>
Sent: Friday, 7 July 2023 11:44 am
To: Andrew Cowan via rsyslog <rsyslog@lists.adiscon.com>
Cc: Andrew Cowan <cowan_and...@hotmail.com>
Subject: Re: [rsyslog] TLS errors with rsyslog

you cannot do both encrypted and unencrypted traffic on the same port, you have to pick which you use.

If you try to do a health check to that port, you will either get an error like you are describing, or you will need to do the check via TLS.

depending on how you have rsyslog configured, it may or may not require a client cert.

David Lang

On Thu, 6 Jul 2023, Andrew Cowan via rsyslog wrote:

> Hi,
>
> I am getting the below error messages on my rsyslog server.
>
> verify error:num=20:unable to get local issuer certificate
>
> verify error:num=21:unable to verify the first certificate
>
> TLS connection doesn't appear to be working from client -> rsyslog server on
> 6514.
>
> Looks like a TLS handshake issue, and maybe unable to establish an encrypted
> channel.
>
> Questions.
>
> 1. Is there any way to disable to test. Can send on unencrypted UDP/TCP ok
> between client/server.
>
> 2. Does the client need a cert. My understanding is it only needs the CA
> cert?
>
> Any help appreciated.
>
> Thanks,
> Andrew
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
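
A configuration sketch for the setup asked about in this thread (TLS on TCP 6514 with no client certificate required), added here as an example and not taken from any poster's message or from the rsyslog project. The file paths and the host name `logs.example.com` are placeholder assumptions; the server's certificate is assumed to be issued by the CA in `ca.pem` and to carry that host name.

```conf
# ---------- server: /etc/rsyslog.d/tls-server.conf (placeholder path) ----------
# The server presents its own certificate; AuthMode "anon" means it does not
# authenticate the connecting client, so clients need no certificate of their own.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"            # placeholder
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem" # placeholder
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"   # placeholder
)

module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"          # 1 = TLS only on this module's listeners
    StreamDriver.AuthMode="anon"   # encrypt the channel, do not verify the client
)

input(type="imtcp" port="6514")

# ---------- client: /etc/rsyslog.d/tls-client.conf (placeholder path) ----------
# The client carries only the CA certificate. It still validates the server:
# the chain must lead to ca.pem and the certificate name must match the
# permitted peer, so the channel is encrypted to the intended server.
global(
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"            # placeholder
)

action(
    type="omfwd"
    target="logs.example.com"      # placeholder host name
    port="6514"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.com"
)
```

With `anon` on the server, anything that can reach port 6514 can submit log messages, so restricting who may connect has to come from network controls rather than from TLS.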