syslog-ng secure TLS connection is established with wrong certificate or without a certificate at all


I am trying to configure my syslog-ng client to allow only secure TLS connections to servers. As a server I am using rsyslog.

I created a self-signed CA certificate and distributed it to the server and client, then created a server certificate signed by the CA which I created, and edited the relevant configuration files. The connection was established successfully.

The problem is that when I delete the CA from the server, or give a wrong path in /etc/syslog-ng/remote-syslog-cfg.conf, the connection is still established! My indication for connection establishment is the logs in /var/log/messages (on the client side).

How is it possible? How do I fix it? Why does the client allow the connection without a valid CA in the client? Is it related to the fact that my CA is self-signed?

To do it I used this guide: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/mutual-authentication-using-tls/2#TOPIC-958395

I created the CA as follows: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/mutual-authentication-using-tls#TOPIC-956370

I configured /etc/syslog-ng/remote-syslog-cgf.conf as follows:

```
destination remote_log_server_1 {
    network("<Server_IP>" port(6514)
        transport("tls")
        tls( ca-dir("/wrong/path"))
    );
};
```

or

a wrong CA, with /etc/syslog-ng/remote-syslog-cgf.conf configured as follows:

```
destination remote_log_server_1 {
    network("<Server_IP>" port(6514)
        transport("tls")
        tls( ca-dir("/right/path"))
    );
};
```