Hi!
I tried to set up a centralized rsyslog server with cyphered connections.
Both server & client certificates were signed by the same CA.
The problem is my certificates are not trusted:
==> logger/rsyslogd.log <==
2010-12-15T15:17:01.685026+01:00 logging-server rsyslogd: not permitted
to talk to peer, certificate invalid: signer is not a CA
2010-12-15T15:17:01.685895+01:00 logging-server rsyslogd: invalid cert
info: peer provided 1 certificate(s). Certificate 1 info: certificate
valid from DATE to DATE; Certificate public key: RSA; DN:
C=FR,ST=France,L=Paris,O=Parrot S.A.,OU=IT
Department,CN=fr-b-701-006.parrot.biz,EMAIL=fabien.bagard_AT_parrot.com;
Issuer DN: C=FR,ST=France,L=Paris,O=Parrot S.A. Root CA,OU=IT
Department,CN=Parrot S.A. Root CA,EMAIL=root_AT_parrot.com;
==> logger/rsyslogd-2089.log <==
2010-12-15T15:17:01.725557+01:00 logger rsyslogd-2089: netstream session
0x90b55b8 will be closed due to error
[try http://www.rsyslog.com/e/2089 ]
When checking my certificates with gnutls-cli, I get:
...
Other Information:
MD5 fingerprint:
9dbbdeea9cee323e06553e632250d669
SHA-1 fingerprint:
008247f9dcc86bbfe958ef7a1b12ed9917320ad2
Public Key Id:
29dcaddda6746140e556804d7ea4af8fd47e62a5
- The hostname in the certificate matches 'logging-server.parrot.biz'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Session ID:
61:2D:87:98:63:9F:14:EB:11:BB:7A:9F:1B:53:FC:DE:80:E2:4C:7C:C7:3F:15:9B:8A:18:25:6D:35:40:B1:4E
*** Verifying server certificate failed...
Any hints on what's going wrong?
By the way, I'm pretty sure my certificates are good enough because
certificates were already signed with this CA.
Thanks a lot,
--
Fabien Bagard
IT Department
tel + 33 (0)1 48 03 60 40
--------------------------------------------------------------------------------
Parrot SA
174, Quai de Jemmapes | 75010 Paris - France
tel + 33 (0)1 48 03 60 60 | fax + 33 (0)1 48 03 70 08
http://www.parrot.com
--------------------------------------------------------------------------------
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com