
I'm trying to do a secured transfer to a syslog server via TCP from a device. I have generated certificates on the server side and copied the cacert.pem to the client side. When I try to send a message to the server, I receive the following error.

"Certificate subject does not match configured hostname; hostname='10.17.31.33', certificate='SP'"

Please have a look at the following config files.

Server Side config:

```
# excerpt: the opening of the enclosing block is not shown in the post
tcp(
    port(1999)
    tls(
        ca_dir("/etc/syslog-ng/ras.d/demoCA/")
        key_file("/etc/syslog-ng/ras.d/my_ipv4-server.key")
        cert_file("/etc/syslog-ng/ras.d/my_ipv4-server.csr")
        peer_verify(optional-untrusted)
    )
);
};
```

Client side config:

```
destination df_remote_1 {
    tcp("10.17.31.33" port(1999)
        tls(ca_dir("/etc/syslog-ng/ca.d")));
};

log { source(s_all); filter(f_remote); destination(df_remote_1); };
```

I'm new to syslog; could someone please help me understand the issue and fix it?

ANjaNA
  • To have the certificate match, you need to address the host by the name the certificate is valid for, **not its IP address**. – fvu Jun 08 '15 at 10:59
  • So does that mean I cannot do a secured transfer to the syslog server via its IP address? – user3446120 Jun 08 '15 at 11:05
  • You can create a certificate that's bound to an IP address (by giving the IP address as the common name and not the host name), discussed in more detail [here](http://stackoverflow.com/questions/1095780/are-ssl-certificates-bound-to-the-servers-ip-address). It's an uncommon use case but it's possible. – fvu Jun 08 '15 at 11:17
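
The hostname check discussed in the comments above, as an added Python example (not part of the original thread and not syslog-ng's own code). It models the usual rule that the host the client dials must appear in the certificate's subjectAltName, or in its common name when no SAN entry of that type exists; the certificate dicts follow the layout of Python's `ssl.SSLSocket.getpeercert()` and are constructed from the values in the error message. Wildcard names are not handled.

```python
import ipaddress

# Constructed certificates in the dict layout returned by ssl.SSLSocket.getpeercert().
CERT_FROM_QUESTION = {"subject": ((("commonName", "SP"),),)}
CERT_IP_AS_CN = {"subject": ((("commonName", "10.17.31.33"),),)}
CERT_IP_IN_SAN = {"subject": ((("commonName", "SP"),),),
                  "subjectAltName": (("IP Address", "10.17.31.33"),)}

def as_ip(value):
    """Return an ipaddress object for an IP literal, or None for anything else."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def cert_names(cert):
    """Extract (dns_names, ip_addresses, common_names) from the certificate dict."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [as_ip(v) for k, v in san if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips, cns

def matches(cert, configured_host):
    """True if the host written in the client's destination is named by the cert."""
    dns, ips, cns = cert_names(cert)
    target = as_ip(configured_host)
    if target is not None:                      # client dials an IP address
        if ips:                                 # SAN IP entries take precedence
            return target in ips
        return any(as_ip(cn) == target for cn in cns)
    host = configured_host.lower()              # client dials a DNS name
    if dns:
        return host in dns
    return any(cn.lower() == host for cn in cns)

if __name__ == "__main__":
    for label, cert in [("question", CERT_FROM_QUESTION),
                        ("IP as CN", CERT_IP_AS_CN),
                        ("IP in SAN", CERT_IP_IN_SAN)]:
        for host in ("10.17.31.33", "SP"):
            print(f"{label:10} host={host:12} match={matches(cert, host)}")
```

The first row reproduces the mismatch from the error message: a certificate whose only name is `SP` does not cover a destination written as `10.17.31.33`.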
