Adding TLS into SyslogNG connector

I am trying to add a TLS connection between one of our products and the SyslogNG connector. With a UDP connection, syslog works. However, when I turn on TLS I can't see any traffic in Wireshark.

I have created a certificate and keystore in the /user/agent folder, then set it up as written in the documentation. Since UDP works, I must be making a mistake in the certificates. What certificates should I use?
The Product uses its own certificates and CA, and the SmartConnectors have another production CA. Do I need a CA-signed certificate from the Product, or do I need to put the Product certificate directly into the truststore in the /user/agent folder?

In a normal situation there is only one CA, all certs are signed by it, and the CA cert is imported into the main cacerts truststore.



  • Suggested Answer

    Do you want to send data from your product to the SmartConnector? Then the SmartConnector is the TLS server and your product is the client. So your product must trust the CA that issued the certificate for the SmartConnector.

    You can test the connection with a command like

    openssl s_client -connect <connector-host>:<port> -showcerts

    That should establish a connection and tell you that verification is OK. This assumes the SmartConnector's root CA is in the OS' trust store. If not, you can specify it with -CAfile.
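The trust relationship described in the answer can be reproduced offline before touching either system. This is an added lab example, not part of the original answer or of any product documentation; the CA names, subjects and file names are constructed, and `openssl verify -CAfile` stands in for the chain check that `s_client -CAfile` performs on a live connection.

```bash
#!/usr/bin/env bash
# Constructed lab: throwaway CAs stand in for the SmartConnector's CA and the
# Product's CA. Every subject name and file name here is made up.

make_lab() {   # $1 = empty working directory
    lab=$1
    # Minimal config so both roots are marked as CAs whatever the system default is.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
        '[dn]' 'CN=unused' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$lab/lab.cnf"
    for side in connector product; do
        openssl req -x509 -config "$lab/lab.cnf" -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Lab $side CA" -keyout "$lab/$side-ca.key" \
            -out "$lab/$side-ca.pem" 2>/dev/null || return 1
    done
    # The connector is the TLS server, so its certificate comes from the connector CA.
    openssl req -new -config "$lab/lab.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=connector.lab.example" -keyout "$lab/connector.key" \
        -out "$lab/connector.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$lab/connector.csr" -CA "$lab/connector-ca.pem" \
        -CAkey "$lab/connector-ca.key" -CAcreateserial -days 1 \
        -out "$lab/connector.pem" 2>/dev/null || return 1
}

# Return 0 if certificate $2 verifies when $1 is supplied as -CAfile.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo, run as: bash lab.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_lab "$d" || exit 1
    trusts "$d/connector-ca.pem" "$d/connector.pem" \
        && echo "client trusting the connector CA: verify OK"
    trusts "$d/product-ca.pem" "$d/connector.pem" \
        || echo "client trusting only the product CA: verify FAILED"
    rm -rf "$d"
fi
```

The second result is the situation in the question: a client that only knows its own product CA cannot validate a server certificate issued by a different CA.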