Okay, here's where I am.
On the server, I've generated the self-signed ca.pem file after creating the private key file ca-key.pem. When generating the ca.pem file, I've used the $HOSTNAME of the server as the Common Name for the certificate and added this to /etc/hosts:
<the IP address of the machine> my-syslog-server.somedomain.net
I can ping this, obviously, so that should be okay as h8ck3rs stated above - if I understand correctly.
Now, I understand that I have to create *another* private key file for the machine (server) itself, as each machine also needs a machine certificate. To generate this, I need the initial private key (ca-key.pem) and the self-signed CA (ca.pem).
If I get this correctly, the Common Name for the machine certificate on the server has to match the entry I put in /etc/hosts above. So at the end of generating the machine certificates for the server, I end up with machine-key.pem and machine-ca.pem.
Machine certificates (machine-key.pem and machine-ca.pem) need to be generated from the ca-key.pem and ca.pem files for each machine (be it client or server).
How am I doing so far?
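
The sequence described in the post above, as an added example that is not part of the original post: it creates the CA pair, issues a machine certificate signed by that CA, then checks the chain, the host name and the key pairing. It assumes the openssl CLI (the post does not say which tool was used); the CA name "Example Syslog CA" and the intermediate files machine-req.pem and machine-ext.cnf are constructed for the example.

```shell
#!/bin/sh
# Added example. File names follow the post; HOST is the post's /etc/hosts entry.
HOST="my-syslog-server.somedomain.net"
umask 077   # private keys are created readable by the owner only

make_ca() {
    # CA private key (ca-key.pem) and self-signed CA certificate (ca.pem).
    # "Example Syslog CA" is a constructed name for this example.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -keyout ca-key.pem -out ca.pem -subj "/CN=Example Syslog CA" 2>/dev/null
}

make_machine_cert() {
    # $1 = host name that peers use to reach this machine.
    # The machine gets its own key; the CA key only signs the request.
    openssl req -newkey rsa:2048 -nodes -keyout machine-key.pem \
        -out machine-req.pem -subj "/CN=$1" 2>/dev/null &&
    printf 'subjectAltName=DNS:%s\n' "$1" > machine-ext.cnf &&
    openssl x509 -req -in machine-req.pem -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -sha256 -days 365 -extfile machine-ext.cnf \
        -out machine-ca.pem 2>/dev/null
}

check_machine_cert() {
    # $1 = host name the certificate is expected to carry.
    # 1) The certificate must chain to ca.pem.
    openssl verify -CAfile ca.pem machine-ca.pem >/dev/null 2>&1 || return 1
    # 2) The certificate must name the host.
    openssl x509 -in machine-ca.pem -noout -checkhost "$1" \
        | grep -q "does match" || return 1
    # 3) machine-key.pem must be the key the certificate was issued for.
    cert_pub=$(openssl x509 -in machine-ca.pem -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in machine-key.pem -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Run in a scratch directory so no existing key material is overwritten.
cd "$(mktemp -d)" || exit 1
make_ca && make_machine_cert "$HOST" && check_machine_cert "$HOST" \
    && echo "machine-ca.pem chains to ca.pem and matches $HOST"
```

Repeating make_machine_cert with each client's host name yields that client's pair; ca-key.pem stays on the machine that does the signing.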