LinuxQuestions.org
Old 07-31-2012, 10:39 AM   #1
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 385

Rep: Reputation: 61
rsyslog with TLS encryption help?


I'm following this document: -

http://www.rsyslog.com/doc/rsyslog_tls.html

but having a little trouble creating the certificates. The above document seems to imply that you need fully qualified domain names for each machine for the certificates to work. Is this true? I only have IP addresses to work with. Can I encrypt rsyslog traffic for machines with just IP addresses?
 
Old 07-31-2012, 06:52 PM   #2
h8ck3rs
LQ Newbie
 
Registered: May 2008
Posts: 3

Rep: Reputation: 0
You only need the certificate on the destination (server) machine. Your self-signed certificate can use an internally generated FQDN as long as your internal DNS resolves it. If you're setting this up, maybe consider dropping your logs to somewhere like loggly.com instead where they'll be more useful to you.
 
Old 08-02-2012, 05:55 AM   #3
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 385

Original Poster
Rep: Reputation: 61
Okay, here's where I am.

On the server, I've generated the self-signed ca.pem file after creating the private key file ca-key.pem. When generating the ca.pem file, I've used the $HOSTNAME of the server as the Common Name for the certificate and added this to /etc/hosts: -
Code:
<the IP address of the machine>      my-syslog-server.somedomain.net
I can ping this, obviously, so that should be okay as h8ck3rs stated above - if I understand correctly.

Now, I understand that I have to create *another* private key file for the machine (server) itself as each machine also needs a machine certificate. To generate this, I need the initial private key (ca-key.pem) and the self-signed CA (ca.pem) to do this.
If I get this correctly, the Common Name for the machine certificate on the server has to match the entry I put in /etc/hosts above. So at the end of generating the machine certificates for the server, I end up with machine-key.pem and machine-ca.pem.

Machine certificates (machine-key.pem and machine-ca.pem) need to be generated from the ca-key.pem and ca.pem files for each machine (be it client or server).

How am I doing so far?
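
The steps described in this thread (a CA key and self-signed ca.pem, then a key and a CA-signed certificate for each machine), written out as an added example that is not part of any post and not taken from the rsyslog document. It uses openssl rather than the GnuTLS certtool that document uses; the CA subject, the address 192.0.2.10, the IP subjectAltName and the file names pki.cnf, machine.csr and machine-cert.pem are assumptions, and the thread does not establish whether rsyslog's peer check accepts an IP subjectAltName.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. HOST is the /etc/hosts name from the post;
# IP is a constructed documentation address (RFC 5737), an assumption.
HOST="my-syslog-server.somedomain.net"
IP="192.0.2.10"

build_pki() (                      # $1 = output directory; body runs in a subshell
    umask 077                      # private keys readable by the owner only
    cd "$1" || exit 1
    cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example syslog CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_machine]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST,IP:$IP
EOF
    # 1. CA key + self-signed CA certificate. The CA gets its own subject,
    #    distinct from every machine name (assumed name, see pki.cnf).
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -config pki.cnf \
        -extensions v3_ca -keyout ca-key.pem -out ca.pem 2>/dev/null || exit 1
    # 2. Machine key + signing request; the CN matches the /etc/hosts entry.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "/CN=$HOST" \
        -keyout machine-key.pem -out machine.csr 2>/dev/null || exit 1
    # 3. The CA signs the request. Repeat steps 2-3 for each client and server.
    openssl x509 -req -in machine.csr -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -days 365 -extfile pki.cnf -extensions v3_machine \
        -out machine-cert.pem 2>/dev/null
)

check_machine_cert() {             # $1 = directory written by build_pki
    # The chain must verify against ca.pem, and both identities must match.
    openssl verify -CAfile "$1/ca.pem" "$1/machine-cert.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$1/machine-cert.pem" -noout -checkhost "$HOST" | grep -q 'does match' &&
    openssl x509 -in "$1/machine-cert.pem" -noout -checkip "$IP" | grep -q 'does match'
}

dir=$(mktemp -d)
build_pki "$dir" && check_machine_cert "$dir" && echo "CA and machine certificate verified in $dir"
```

Only ca.pem, machine-key.pem and machine-cert.pem need to be copied to a machine; ca-key.pem stays where the certificates are signed.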
 
  

