I am trying to configure my syslog-ng client to allow only secure TLS connections to servers. As a server I am using rsyslog.
I created a self-signed CA certificate and distributed it to the server and client, then created a server certificate signed by the CA which I created, and edited the relevant configuration files. The connection was established successfully.
The problem is that when I delete the CA from server, or give a wrong path in /etc/syslog-ng/remote-syslog-cfg.conf, the connection is still established! My indication for connection establishment is the logs in /var/log/messages (on the client side).
How is it possible? How do I fix it? Why does the client allow the connection without a valid CA in the client? Is it related to the fact that my CA is self-signed?
To do it I used this guide: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/mutual-authentication-using-tls/2#TOPIC-958395
I created the CA as follows: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/mutual-authentication-using-tls#TOPIC-956370
I configured /etc/syslog-ng/remote-syslog-cgf.conf as follows:
```
destination remote_log_server_1 {
    network("<Server_IP>" port(6514)
        transport("tls")
        tls( ca-dir("/wrong/path"))
    );
};
```
or
a wrong CA, with /etc/syslog-ng/remote-syslog-cgf.conf configured as follows:
```
destination remote_log_server_1 {
    network("<Server_IP>" port(6514)
        transport("tls")
        tls( ca-dir("/right/path"))
    );
};
```