Good Afternoon, I'm attempting to configure TLS encryption using the rsyslog RELP module on SUSE Enterprise Linux 12 SP2 along with OpenSUSE Leap 42.2 and 42.3 systems using a self-signed CA certificate. I configured tls.authmode = name for certificate-based peer authentication using these instructions: http://www.rsyslog.com/using-tls-with-relp/ and http://requesttutorial.com/configure-ssltls-between-two-rsyslog-systems/. I'm setting the permittedpeer value to the common name value from the certificates.
However, I continue to receive the following message when testing the handshake using gnutls-cli between the server and client instance:

The name in the certificate does not match the expected.
PKI verification of server certificate failed.

Question: How would I discover the correct common name value used by the server for the certificate creation using certtool? I have used the short hostname and fully qualified domain name yet neither of these options worked for me. Is it recommended to use wildcard self-signed certificates on the server and client?

I can provide any other information requested on the rsyslog configuration to assist with debugging the issue.

Thank you for your time. I appreciate any assistance.

