Thanks, David.
I have tried running it with rsyslogd -n as root but it gives the same error
message. I made sure before running it that the rsyslog service and the
syslog socket were stopped but it gives the same error. I should also say
that I have switched to openssl when the omrelp module is loaded. It
appears to be very similar to this question asked on Stack Overflow at the
start of January:
ubuntu with syslog with TLS and RELP certificate error
<https://stackoverflow.com/questions/77771294/syslog-with-tls-and-relp-certificate-error-issues>
Garry


On Mon, Feb 5, 2024 at 3:49 PM David Lang <da...@lang.hm> wrote:

> On many systems, the permissions of a program started at boot are no longer
> simple root (systemd is being configured to restrict the programs
> significantly).
>
> So I would suggest that you try starting rsyslog as root manually and see if
> that avoids this error message. If so, then it's a difference in the
> permissions when run as root vs when started at boot.
>
> David Lang
>
> On Mon, 5 Feb 2024, Garry Allen via rsyslog wrote:
>
> > I am trying to get Ubuntu 22.04 rsyslog clients to connect to a Red Hat 8.8
> > rsyslog server using RELP over TLS. The Red Hat server has been configured
> > using the guidelines supplied by Red Hat. Both client and server have
> > certificates issued by a common certificate authority. The Ubuntu client
> > is running apparmor. However the local apparmor config for rsyslog has been
> > updated to include the client certificate path with the root permission set
> > to r in the apparmor config.
> > I can do an openssl s_client -connect to the rsyslog server with the
> > CAfile, client certificate and key for the rsyslog client. When I attempt
> > to start the rsyslog service I am getting
> > "omrelp[server-FQDN:server port} error 'relpTcpInitTLS: Error CA
> > certificate could not be accessed. Is the file at the right path ? And do
> > we have the permissions?....."
> >
> > I have tried putting apparmor into complain mode and stopping the apparmor
> > service altogether. Neither had any effect.
> > Is it something to do with the hostname and subjectAltName? The machine
> > does have a FQDN rather than a short hostname but it looks like the
> > hostname used by rsyslog is the short Ubuntu hostname. I'm looking for
> > suggestions.
> > thanks
> > Garry
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
>