I wonder if something has changed/broken with TLS for rsyslog as well. About a year ago I created a streamlined version of the rsyslog TLS certificate creation process for our internal use here. It worked for me as well as for others at our company.
However, recently I needed to create some new TLS certificates and could not get them to work. I ran through the rsyslog documentation left/right/up/down and nothing would connect with the more recently created certificates. There were some subtle differences between the new process and what I had previously captured in my streamlined document. Is it possible that something has changed/broken with either TLS support or that the documentation needs updating? If that's a possibility I can try to help here by sharing my previously working procedure.

Thanks all,
-Derek.

On Wed, Dec 5, 2018, 07:32 sophie.loewenthal--- via rsyslog < [email protected] wrote:

> Hi Flo,
> I tried a few times from scratch and could not get it to work. The
> certtool output is different along with the defaults.
>
> From: Flo Rance [mailto:[email protected]]
> Sent: Wednesday, December 05, 2018 4:06 PM
> To: rsyslog-users
> Cc: LOEWENTHAL Sophie
> Subject: Re: [rsyslog] rsyslog RELP and TLS - creating the certificates
>
> Hi,
>
> What's wrong with this guide https://www.rsyslog.com/using-tls-with-relp/ ?
>
> The commands used in it still apply nowadays.
>
> Regards,
> Flo
>
> On Wed, Dec 5, 2018 at 12:52 PM sophie.loewenthal--- via rsyslog <[email protected]<mailto:[email protected]>> wrote:
> Hi,
>
> On and off for a few months I've been trying to get TLS working with RELP.
> I've set up so many certificates for client and servers, and never managed
> to get them to talk. Frankly, with all the hundreds of options in
> openssl/certtool and that the default values and order of questions that
> change depending on the version and O/S used, it's bound to go wrong. For
> example: this guide from 2013 doesn't work
> https://www.rsyslog.com/using-tls-with-relp
>
> I know that lots of people setting TLS up in rsyslog will be creating
> certificates daily, and they know OpenSSL pretty well, but I do not: I
> create a certificate once every six months, if this.
>
> Are there any recent guides to setting this up? Particularly for the part
> for creating CA/server/client certificates.
>
> The actual omrelp/imrelp part is quite straight forward.
>
> Best wishes,
> Sophie
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.

