Light bulb moment: Can I use the same client cert on all of the clients?
> -----Original Message-----
> From: rsyslog [mailto:[email protected]] On Behalf Of sophie.loewenthal--- via rsyslog
> Sent: Tuesday, November 13, 2018 10:06 AM
> To: rsyslog-users
> Cc: LOEWENTHAL Sophie
> Subject: [rsyslog] TLS and rsyslog
>
> Hi,
>
> I've read lots of dox on setting up TLS for sending logs and every time I see one has to set up a CA and then have a certificate for every client. I'd have to create 1001 certificates and then a new client cert for every new server. This is impractical and the time is not available to perform the task. For comparison, we don't require every user's browser to have a client cert to connect with a webserver, like Paypal, and I use self-signed certs for some internal web servers.
>
> In my case the objective is to encrypt the syslog data sent over the network, but not to identify the sending machine.
> Is there a way to have rsyslog use a self-signed certificate and trust all the clients that connect over TLS?
>
> Some examples that suggest using a self-signed CA + clients:
> https://access.redhat.com/solutions/519533
> https://waqarafridi.wordpress.com/2015/11/16/configure-ssltls-between-two-rsyslog-systems/
> And the list goes on.
>
> Best wishes,
> Sophie
>
> Not working on Mondays/ Travailler sauf le lundi
> Team mailbox : [email protected]
> or direct [email protected]
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

