I am trying to get Ubuntu 22.04 rsyslog clients to connect to a Red Hat 8.8 rsyslog server using RELP over TLS. The Red Hat server has been configured using the guidelines supplied by Red Hat. Both client and server have certificates issued by a common certificate authority. The Ubuntu client is running apparmor. However, the local apparmor config for rsyslog has been updated to include the client certificate path with the root permission set to r in the apparmor config. I can do an openssl s_client -connect to the rsyslog server with the CAfile, client certificate and key for the rsyslog client. When I attempt to start the rsyslog service I am getting "omrelp[server-FQDN:server port} error 'relpTcpInitTLS: Error CA certificate could not be accessed. Is the file at the right path ? And do we have the permissions?....."
I have tried putting apparmor into complain mode and stopping the apparmor service altogether. Neither had any effect. Is it something to do with the hostname and subjectAltName? The machine does have a FQDN rather than a short hostname, but it looks like the hostname used by rsyslog is the short Ubuntu hostname. I'm looking for suggestions.

Thanks,
Garry