I think this version is too old. There was related work not long ago.

Rainer

Sent from phone, thus brief.

Roman Möller via rsyslog <rsyslog@lists.adiscon.com> wrote on Mon, 31 July 2023, 18:18:

> Hello subscribers,
> we are using rsyslog with TLS to collect logs transport encrypted from
> different logsources.
> The used certificates are generated by our company CA for the rsyslog
> server but also for the logsources.
>
> I have used these settings until now (filename gives hint about content):
> $DefaultNetstreamDriver gtls
> $DefaultNetstreamDriverCAFile /etc/pki/rsyslog/rootCA_and_intermediateCA-1.pem
> $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/rsyslogServer_and_intermediateCA-1.crt
> $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/rsyslogServer.key
>
> And the reception of logs worked pretty well so far.
>
> Now we have a new intermediate CA and the certificate chains look like
> this:
>                         +---------+
>                         | Root-CA |
>                         +---------+
>                              |
>               +--------------+---------------+
>               |                              |
>               v                              v
>     +-------------------+          +-------------------+
>     | Intermediate CA-1 |          | Intermediate CA-2 |
>     +-------------------+          +-------------------+
>               |                              |
>               v                              v
> +---------------------------+   +--------------------------+
> | Generated the certificate |   | Generated certificates   |
> | for the rsyslog Server    |   | for yet other logsources |
> | but also for other        |   +--------------------------+
> | logsources                |
> +---------------------------+
>
> Our rsyslog Server is not able to accept syslog-TLS encrypted traffic from
> logsources which have a certificate from Intermediate CA-2.
> A test with openssl s_client -connect localhost:6514 shows that the system
> only accepts certificates which originate from Intermediate CA-1
>
> We are using rsyslogd  8.2102.0-10.el8 (aka 2021.02) at the moment.
>
> Is it somehow possible to configure the acceptance of certificates from
> both Intermediate CAs or is this simply not possible with one instance of
> rsyslog?
>
> Kind regards and thanks in advance,
> Roman Möller (He/His)
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
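
An offline way to check which CA bundle validates which logsource certificate, for the two-intermediate layout described in the quoted message. This is an added example, not part of the thread and not rsyslog code: the throwaway PKI, its file names and the helpers `mkcert`, `chain_ok` and `report` are constructed for illustration, and it shows `openssl verify` behaviour only, not that of rsyslog's gtls driver.

```shell
#!/bin/sh
# Constructed throwaway PKI mirroring the thread: Root-CA -> Intermediate CA-1 / CA-2.
# Every file name and subject below is made up for this example.
set -e
WORK=$(mktemp -d) && cd "$WORK"
printf '[req]\ndistinguished_name=dn\n[dn]\n' > req.cnf
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\n' > leaf.ext

# mkcert NAME ISSUER EXTFILE ; ISSUER "self" produces a self-signed root
mkcert() {
  openssl req -new -newkey rsa:2048 -nodes -config req.cnf -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ "$2" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
      -extfile "$3" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
      -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
  fi
}

# chain_ok BUNDLE LEAF [PEER_CHAIN]: exit 0 if LEAF chains to a CA in BUNDLE.
# The optional third file stands for intermediates the peer sends in its handshake.
chain_ok() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

mkcert root self ca.ext
mkcert ca1 root ca.ext
mkcert ca2 root ca.ext
mkcert server ca1 leaf.ext     # certificate issued by Intermediate CA-1
mkcert source2 ca2 leaf.ext    # logsource certificate issued by Intermediate CA-2
cat root.pem ca1.pem > bundle_ca1.pem            # same shape as rootCA_and_intermediateCA-1.pem
cat root.pem ca1.pem ca2.pem > bundle_both.pem   # root plus both intermediates

report() { if chain_ok "$@"; then echo "accept: $*"; else echo "reject: $*"; fi; }
report bundle_ca1.pem server.pem            # accept
report bundle_ca1.pem source2.pem           # reject: issuer CA-2 is not in the bundle
report bundle_both.pem source2.pem          # accept
report bundle_ca1.pem source2.pem ca2.pem   # accept: peer supplied CA-2, root is trusted
```

Running `openssl verify -CAfile` with the production bundle against a real logsource certificate gives the same yes/no answer without touching the running rsyslog instance.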