Graham, you need to use all three. The CA-File, the Cert-File and the Key-File. Else it will not work.
Florian 2018-05-04 19:06 GMT+02:00 Graham Smith <[email protected]>: > Thank you, Rainer. > >> you may deploy the same certificate with the same name to all clients, if >> that is sufficient for your needs. >> >> Rainer > > This is the client config: > > $DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/int.pem > $DefaultNetstreamDriverCertFile /etc/rsyslog.d/keys/ca.d/cert.pem > $DefaultNetstreamDriverKeyFile /etc/rsyslog.d/keys/ca.d/privkey.pem > > When I comment out the key and cert, the server rejects it-- "peer did not > provide a certificate". > > If I put the cert in the int.pem file the server rejects it-- "peer did not > provide a certificate". > > cert.pem and privkey.pem are the same on the server and client. > > This is the client action: > > action( > type="omfwd" > protocol="tcp" > target="sawmill.co.uk" > port="10514" > template="Format" > StreamDriver="gtls" > StreamDriverMode="1" > StreamDriverAuthMode="x509/name" > StreamDriverPermittedPeers="sawmill.co.uk" > ) > > What have I missed? > > Regards > > Graham > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
