This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
siemops
Commodore Commodore
Commodore
‎2018-12-21 19:59
774 views

Syslog NG Smart Connector on Windows - Generating Certs to Receive Encrypted Syslog

We have installed the SmartConnector for Syslog NG Daemon on Windows Server 2012 (R2). This is so that this connector can receive encrypted syslog from Proof Point's email security product.

I have configured the syslog NG connector to listen on port 6514 (per ProofPoint) and also have configured the connector for TLS.

ProofPoint requires that a cert, private key, and root cert be provided to ProofPoint. In turn,  ProofPoint adds these items to their instance in order to send encrypted syslog to our syslog NG connector. I'm "assuming" (config guide is not clear on this) that I need to follow the instructions under "Using a Customer-Supplied Certificate for Syslog NG Setup". However, this set of instructions refers to a number of "openssl" commands be executed to generate some of these items. Unfortunately, it appears Windows 2012 Server does not have an install of openssl.

So how do I accomplish acquiring, generating, and/or providing the following items to ProofPoint, from a syslog NG smart connector installed on a Windows 2012 Server?:

1) The smart connector's (or the server's?) cert

2) The smart connector's (or the server's?) private key

3)  The smart connectors (or the server's?) root cert

My apologies for these questions, ahead of time. This is the first time we've had to do this.

0 Likes
Reply
Report Inappropriate Content
2 Replies
SecLex
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2018-12-27 12:24

Just read into this 

 Generate a CSR on Windows 2012

You would need the following for both systems

  1. Root CA signed - certificate
  2. Sub CA signed - certificate
  3. Machine CA Signed - certificate

For both the connector truststore and the ProofPoint Log Source use the same Root CA and Sub CA certificate, and you would need a machine specific CA signed certificate for both ProofPoint and for the Connector Server.

Validate the full certificate chain prior to installing it on the systems, it should form a hierarchical chain like :

Root CA
             |_  Sub CA
                             |_ Machine CA

 

And do ensure that you follow the TLS specific steps in the official ArcSight Documentation Document.

 

 

Reply
Report Inappropriate Content
siemops
Commodore Commodore
Commodore
‎2019-01-04 22:24

Will research and give it a shot.

Thanks SecLex!

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.