Hello subscribers, we are using rsyslog with TLS to collect logs transport encrypted from different logsources. The used certificates are generated by our company CA for the rsyslog server but also for the logsources.
I have used these settings until now (filename gives hint about content):

    $DefaultNetstreamDriver gtls
    $DefaultNetstreamDriverCAFile /etc/pki/rsyslog/rootCA_and_intermediateCA-1.pem
    $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/rsyslogServer_and_intermediateCA-1.crt
    $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/rsyslogServer.key

And the reception of logs worked pretty well so far. Now we have a new intermediate CA and the certificate chains look like this:

                            +------------+
                            |  Root-CA   |
                            +------------+
                                   |
                +------------------+------------------------+
                |                                           |
                v                                           v
    +--------------------------+              +--------------------------+
    |    Intermediate CA-1     |              |    Intermediate CA-2     |
    +--------------------------+              +--------------------------+
                |                                           |
                v                                           v
    +-----------------------------------+   +---------------------------------+
    | Generated the certificate         |   | Generated certificates          |
    | for the rsyslog Server            |   | for yet other logsources        |
    | but also for other                |   +---------------------------------+
    | logsources                        |
    +-----------------------------------+

Our rsyslog Server is not able to accept syslog-TLS encrypted traffic from logsources which have a certificate from Intermediate CA-2. A test with

    openssl s_client -connect localhost:6514

shows that the system only accepts certificates which originate from Intermediate CA-1.

We are using rsyslogd 8.2102.0-10.el8 (aka 2021.02) at the moment. Is it somehow possible to configure the acceptance of certificates from both Intermediate CAs or is this simply not possible with one instance of rsyslog?

Kind regards and thanks in advance,
Roman Möller (He/His)

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
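An added example, not from the original post and not rsyslog's own code: a throw-away PKI shaped like the diagram above, checked with openssl verify, to show which leaf certificates a trust store accepts depending on whether it holds only Intermediate CA-1 or both intermediates next to the root. All names, subjects and files are constructed for the demo; it shows generic X.509 chain validation with openssl, not the behaviour of rsyslog's gtls driver itself.

```shell
#!/bin/sh
# Constructed demo PKI shaped like the diagram in the post:
#   Root-CA -> Intermediate CA-1 -> rsyslog-server, logsource-A
#   Root-CA -> Intermediate CA-2 -> logsource-B
# All names and files here are made up for the example.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca_ext.cnf
printf 'basicConstraints=CA:FALSE\n' > leaf_ext.cnf

# issue NAME ISSUER EXTFILE: key + CSR for NAME, certificate signed by ISSUER's key.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile "$3" -out "$1.crt" -days 1 >/dev/null 2>&1
}

# Self-signed root, then the two intermediates and three leaves.
openssl req -new -newkey rsa:2048 -nodes -subj /CN=Root-CA \
  -keyout root.key -out root.csr >/dev/null 2>&1
openssl x509 -req -in root.csr -signkey root.key -extfile ca_ext.cnf \
  -out root.crt -days 1 >/dev/null 2>&1
issue int1 root ca_ext.cnf
issue int2 root ca_ext.cnf
issue rsyslog-server int1 leaf_ext.cnf
issue logsource-A    int1 leaf_ext.cnf
issue logsource-B    int2 leaf_ext.cnf

# Two candidate trust stores for a CAFile setting.
cat root.crt int1.crt          > ca_old.pem    # root + CA-1 only (as in the post)
cat root.crt int1.crt int2.crt > ca_both.pem   # root + both intermediates

# verdict BUNDLE LEAF [PEER_CHAIN]: prints "accepted" if LEAF chains to a root in
# BUNDLE, treating PEER_CHAIN (if given) as untrusted intermediates the peer
# would present during the handshake; prints "rejected" otherwise.
verdict() {
  if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2.crt" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

for leaf in rsyslog-server logsource-A logsource-B; do
  printf '%-15s store=root+CA-1: %-8s store=root+CA-1+CA-2: %s\n' \
    "$leaf" "$(verdict ca_old.pem "$leaf")" "$(verdict ca_both.pem "$leaf")"
done
# A root-only store also validates when the peer sends its own intermediate:
printf 'logsource-B, root-only store, CA-2 supplied by peer: %s\n' \
  "$(verdict root.crt logsource-B int2.crt)"
```

The last line illustrates the other variable to check on the logsource side: whether the client is configured to send its intermediate certificate along with its own, since a server that trusts only the root still needs the intermediate from somewhere to complete the chain.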