On Tue, 14 Aug 2018, Stephan Seitz wrote:
In the end I want to have a client server configuration like you have for a
web server. The client checks the server certificate, but no client
certificate is needed.
I'll point out that in the web server case, 99% of the time you are moving data
from the server to the client, so it's very important to know the server can be
trusted.
In Rsyslog, the client is sending data to the server, don't you want to know
that the client is legitimate and should be trusted?
If you don't care who the client is, you can put the same client cert everywhere
Also, if you are only running this internally, there's no reason not to generate
your own certs
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
