Old 07-31-2012, 11:39 AM   #1
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 394

Rep: Reputation: 61
rsyslog with TLS encryption help?

I'm following this document: -

but having a little trouble creating the certificates. The above document seems to imply that you need fully qualified domain names for each machine for the certificates to work. Is this true? I only have IP addresses to work with. Can I encrypt rsyslog traffic for machines with just IP addresses?
Old 07-31-2012, 07:52 PM   #2
LQ Newbie
Registered: May 2008
Posts: 3

Rep: Reputation: 0
You only need the certificate on the destination (server) machine. Your self-signed certificate can use an internally generated FQDN as long as your internal DNS resolves it. If you're setting this up, maybe consider dropping your logs to somewhere like instead where they'll be more useful to you.
Old 08-02-2012, 06:55 AM   #3
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 394

Original Poster
Rep: Reputation: 61
Okay, here's where I am.

On the server, I've generated the self-signed ca.pem file after creating the private key file ca-key.pem. When generating the ca.pem file, I've used the $HOSTNAME of the server as the Common Name for the certificate and added this to /etc/hosts: -
<the IP address of the machine>
I can ping this, obviously, so that should be okay as h8ck3rs stated above - if I understand correctly.

Now, I understand that I have to create *another* private key file for the machine (server) itself as each machine also needs a machine certificate. To generate this, I need the initial private key (ca-key.pem) and the self-signed CA (ca.pem) to do this.
If I get this correctly, the Common Name for the machine certificate on the server has to match the entry I put in /etc/hosts above. So at the end of generating the machine certificates for the server, I end up with machine-key.pem and machine-ca.pem.

Machine certificates (machine-key.pem and machine-ca.pem) need to be generated from the ca-key.pem and ca.pem files for each machine (be it client or server).

How am I doing so far?
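
The procedure described in post #3 (a CA key and self-signed ca.pem, then a key and a CA-signed certificate for each machine), as an added example that is not part of the thread or of the document it follows. It assumes the openssl command-line tool, which the thread does not name; logserver.example.internal is a constructed host name, and machine-req.pem and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed.
# logserver.example.internal is a constructed name; use your /etc/hosts entry.

# CA private key (ca-key.pem) and self-signed CA certificate (ca.pem) in $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example rsyslog CA" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

# Machine key and CA-signed machine certificate, with the file names used in the post.
# $1 = directory holding the CA files, $2 = output directory, $3 = Common Name.
make_machine_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2/machine-key.pem" -out "$2/machine-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$2/machine-req.pem" -days 365 \
        -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
        -out "$2/machine-ca.pem" 2>/dev/null
}

# Succeeds only if the machine certificate in $2 was signed by the CA in $1.
verify_chain() {
    openssl verify -CAfile "$1/ca.pem" "$2/machine-ca.pem" >/dev/null 2>&1
}

# Print the Common Name stored in the machine certificate in $1.
machine_cn() {
    openssl x509 -in "$1/machine-ca.pem" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Demo in a scratch directory: one CA, then the server's machine certificate.
work=$(mktemp -d)
mkdir "$work/ca" "$work/server"
make_ca "$work/ca" &&
make_machine_cert "$work/ca" "$work/server" logserver.example.internal &&
verify_chain "$work/ca" "$work/server" &&
echo "$(machine_cn "$work/server") chains to ca.pem"
```

Repeat `make_machine_cert` with a separate output directory and Common Name for every client; only ca.pem and that machine's own two files are copied to it, while ca-key.pem stays on the machine that signs.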

