Hi James,

SSL needs x509 certificates. The rsa public key is wrapped into this. I know this deserves a tutorial on its own... If you google for "openssl generate x509" this will give you a bunch of guides. I would give you a script to do that, unfortunately I don't have one because we use our nxlog management app that automates all this.

Regards,
Botond

On Thu, 12 Sep 2013 15:10:50 +0100 James Crowley <[email protected]> wrote:

> Thanks Botond, appreciate your help. Do you *have* to generate the client
> SSL key pairs? Is there not one already available on the machine?
>
> Apologies if these are really obvious questions - and I realise a little
> outside of NXlog itself, but I'm struggling to get the key working. I've
> generated a public and private key pair using OpenSSL
>
> openssl genrsa -aes128 -passout pass:SomePassword -out nxlog_private.pem 2048
> openssl rsa -in nxlog_private.pem -passin pass:SomePassword -pubout -out nxlog_public.pem
>
> placed them in the /cert folder and set the config to
>
> HTTPSCertFile %CERTDIR%/nxlog_public.pem
> HTTPSCertKeyFile %CERTDIR%/nxlog_private.pem
> HTTPSKeyPass SomePassword
>
> but keep getting
>
> "ERROR SSL error, couldn't read cert, no start line,"
>
> from NXLog. As I understand it that's usually because the files don't
> contain the headers... my public.pem file starts with
>
> -----BEGIN PUBLIC KEY-----
>
> and the private one starts with
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,CFB59AFB65500A0CADDE277967C37DF8
>
> am I missing something obvious here? Thanks,
>
> On 12 September 2013 14:01, Botond Botyanszki <[email protected]> wrote:
>
> > Hi,
> >
> > HTTPSCertFile and HTTPSCertKeyFile are files you need to generate for your
> > nxlog client.
> > HTTPSCAFile is the CA certificate of the remote peer.
> >
> > Regards,
> > Botond
> >
> > On Thu, 12 Sep 2013 12:00:08 +0100
> > James Crowley <[email protected]> wrote:
> >
> > > I'm probably failing at a very basic level here, but can anyone explain how
> > > to get the three keys that seem to be needed for om_http to post to a
> > > public HTTPS endpoint?
> > >
> > > https://collectors.sumologic.com/ is the endpoint we're trying to hit. I
> > > can extract the key for the main SSL site. And the CA key (though I'm not
> > > clear where in the hierarchy this should be).
> > >
> > > HTTPSCertFile %CERTDIR%/client-cert.pem
> > > HTTPSCertKeyFile %CERTDIR%/client-key.pem
> > > HTTPSCAFile %CERTDIR%/ca.pem
> > >
> > > but that still leaves the CertKeyFile and to be honest I don't know enough
> > > about how HTTPS/SSL handshakes work to figure out how I get these?
> > >
> > > Many thanks
> > >
> > > James
> >
> > _______________________________________________
> > nxlog-ce-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
>
> --
> James Crowley
> CTO, FundApps - a new generation in financial services software -
> http://www.fundapps.co/
> Founder, developerFusion - the global developer community -
> http://www.developerfusion.com/
>
> linkedin: http://linkedin.com/in/jamescrowley
> twitter: http://twitter.com/jamescrowley
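
The point of the reply at the top of this thread, as an added example that is not part of the original messages or of NXLog: the file given to HTTPSCertFile has to be an X.509 certificate (`-----BEGIN CERTIFICATE-----`), so a file that starts with `-----BEGIN PUBLIC KEY-----` produces the "no start line" error. The script below checks which PEM object a file holds and wraps the existing private key in a self-signed certificate; the `NXLOG_KEY_PASS` environment variable, the subject `CN=nxlog-client`, the 365-day validity and the output file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Names marked "assumed" are placeholders.

# pem_kind FILE: print the label of the first PEM block in FILE,
# e.g. "CERTIFICATE" or "PUBLIC KEY". Prints nothing if there is none.
# CR characters are stripped so files saved with CRLF line endings still match.
pem_kind() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1
}

# check_cert_file FILE: succeed only if FILE starts with an X.509 certificate,
# which is what HTTPSCertFile must point to. Otherwise say what was found.
check_cert_file() {
    kind=$(pem_kind "$1")
    case "$kind" in
        CERTIFICATE) return 0 ;;
        "") echo "$1: no PEM start line found" >&2 ;;
        *)  echo "$1: holds '$kind', not a CERTIFICATE" >&2 ;;
    esac
    return 1
}

# make_client_cert KEY OUT: wrap the existing (encrypted) private key KEY in a
# self-signed X.509 certificate written to OUT. The key passphrase is read from
# the NXLOG_KEY_PASS environment variable (assumed name) so it does not appear
# in the process list, unlike pass:... on the command line.
make_client_cert() {
    openssl req -new -x509 -key "$1" -passin env:NXLOG_KEY_PASS \
        -days 365 -subj "/CN=nxlog-client" -out "$2"
}

# When run directly with two arguments:
#   NXLOG_KEY_PASS=... sh make_cert.sh nxlog_private.pem nxlog_cert.pem
if [ "$#" -eq 2 ]; then
    make_client_cert "$1" "$2" && check_cert_file "$2" \
        && echo "$2: usable as HTTPSCertFile"
fi
```

HTTPSCertFile would then point at the generated certificate, while HTTPSCertKeyFile and HTTPSKeyPass stay as in the quoted configuration.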
