SSL Certificate Error for im_ssl
I'm trying to capture Secure Syslog from an external source. The sender is green lights, but the NXLog.log file is showing a lot of this:
2024-01-22 15:58:08 INFO nxlog-ce-3.2.2329 started
2024-01-22 15:58:08 INFO connecting to 127.0.0.1:6515
2024-01-22 15:58:08 INFO successfully connected to 127.0.0.1:6515…
…
2024-01-22 16:14:32 WARNING SSL connection closed from (IP_REDACTED):53601
2024-01-22 16:14:32 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
2024-01-22 16:14:32 WARNING SSL connection closed from (IP_REDACTED):46645
2024-01-22 16:14:32 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
2024-01-22 16:14:32 WARNING SSL connection closed from (IP_REDACTED)47010
2024-01-22 16:14:32 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
2024-01-22 16:14:32 WARNING SSL connection closed from (IP_REDACTED):46931
2024-01-22 16:14:32 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
2024-01-22 16:14:32 WARNING SSL connection closed from (IP_REDACTED):46939
2024-01-22 16:14:32 INFO SSL connection accepted from (IP_REDACTED):43341
and so on.
I have tried just about every combination of certs/directives that I can find or think of, but I cannot get the connection to establish correctly.
I validated the cert and chain using openssl and even tried using AllowExpired but that directive is not supported, apparently.
The sending service is all green lights and happy.
Any thoughts would be appreciated!
Community version 3.2.2329 (Windows)
conf:
define ROOT C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_syslog
</Extension>
<Input ssl>
Module im_ssl
Host 192.168.1.11
Port 6514
CAFile %CERTDIR%\Valid_Public_CA.crt
CertFile %CERTDIR%\Valid_Public_cert.crt
CertKeyFile %CERTDIR%\Valid_Public_key_decrypted.key
AllowUntrusted TRUE
Exec parse_syslog();
</Input>
<Output ssl_output>
Module om_sslHost 127.0.0.1
Port 6515
CAFile %CERTDIR%\Self-Signed.pem
AllowUntrusted TRUE
</Output>
<Route 1>
Path ssl => ssl_output
</Route>
Found a work around, albeit not a great one:
RequireCert FALSE