Syslog NG Smart Connector on Windows - Generating Certs to Receive Encrypted Syslog
We have installed the SmartConnector for Syslog NG Daemon on Windows Server 2012 (R2). This is so that this connector can receive encrypted syslog from Proof Point's email security product.
I have configured the syslog NG connector to listen on port 6514 (per ProofPoint) and also have configured the connector for TLS.
ProofPoint requires that a cert, private key, and root cert be provided to ProofPoint. In turn, ProofPoint adds these items to their instance in order to send encrypted syslog to our syslog NG connector. I'm "assuming" (config guide is not clear on this) that I need to follow the instructions under "Using a Customer-Supplied Certificate for Syslog NG Setup". However, this set of instructions refers to a number of "openssl" commands be executed to generate some of these items. Unfortunately, it appears Windows 2012 Server does not have an install of openssl.
So how do I accomplish acquiring, generating, and/or providing the following items to ProofPoint, from a syslog NG smart connector installed on a Windows 2012 Server?:
1) The smart connector's (or the server's?) cert
2) The smart connector's (or the server's?) private key
3) The smart connectors (or the server's?) root cert
My apologies for these questions, ahead of time. This is the first time we've had to do this.
Just read into this
You would need the following for both systems
- Root CA signed - certificate
- Sub CA signed - certificate
- Machine CA Signed - certificate
For both the connector truststore and the ProofPoint Log Source use the same Root CA and Sub CA certificate, and you would need a machine specific CA signed certificate for both ProofPoint and for the Connector Server.
Validate the full certificate chain prior to installing it on the systems, it should form a hierarchical chain like :
|_ Sub CA
|_ Machine CA
And do ensure that you follow the TLS specific steps in the official ArcSight Documentation Document.