NXlog cannot verify self-signed CA certificate


#1 goerlitz

Hi,

I'm trying to forward log events with NXlog to logstash over an SSL connection. Therefore, I generated my own CA certificate and a certificate to be used by logstash for the SSL connection. NXlog is installed on an Ubuntu 14.04 (virtual) machine with the CA certificate added as '/etc/ssl/certs/logstash-ca.crt'.

I tested the connection with

openssl s_client -CAfile /etc/ssl/certs/logstash-ca.cert -connect localhost:5000

and everything works fine (all entered text lines are received by logstash).

However, when I start NXlog with the appropriate om_ssl output configuration it fails with

ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)

My NXlog configuration looks like this:

User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel DEBUG

# Modules
<Extension _syslog>
    Module xm_syslog
</Extension>
<Extension json>
    Module xm_json
</Extension>

# Nxlog internal logs
<Input internal>
    Module im_internal
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
</Input>

<Output sslout>
    Module          om_ssl
    Host            localhost
    Port            5000
    CertFile        "/etc/ssl/certs/logstash-ca.crt"
    OutputType      LineBased
</Output>

<Route logstash>
    Path internal => sslout
</Route>

 

When I start NXlog with

sudo nxlog -f -c nxlog.conf

the debug output looks like this:

2015-03-05 20:37:05 DEBUG module sslout got 1 poll events
2015-03-05 20:37:05 DEBUG Module sslout can read
2015-03-05 20:37:05 DEBUG [...]
2015-03-05 20:37:05 DEBUG PROCESS_EVENT: READ (sslout)
2015-03-05 20:37:05 DEBUG om_ssl read
2015-03-05 20:37:05 DEBUG doing handshake
2015-03-05 20:37:05 DEBUG verify callback (ok: 0)
2015-03-05 20:37:05 DEBUG preverification returned non-OK: unable to get local issuer certificate
2015-03-05 20:37:05 DEBUG STOP: sslout
2015-03-05 20:37:05 DEBUG remove socket [21]
2015-03-05 20:37:05 DEBUG executing statements
2015-03-05 20:37:05 DEBUG [...]
2015-03-05 20:37:05 INFO reconnecting in 1 seconds
2015-03-05 20:37:05 ERROR [om_ssl.c:532/io_err_handler()] -;[ssl.c:168/nx_ssl_check_io_error()] SSL certificate verification failed: unable to get local issuer certificate (err: 20)

I have no idea why the verification works with OpenSSL but fails with NXlog (I'm using nxlog-ce-2.8.1248 and OpenSSL version is 1.0.1f).

Any help is highly appreciated.

 

#2 adm Nxlog ✓

You should not use double quotes and it is CAFile not CertFile:

CAFile        /etc/ssl/certs/logstash-ca.crt
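The "unable to get local issuer certificate (err: 20)" message from post #1 can be reproduced outside NXlog. This added example (not part of the original thread) uses the openssl CLI to build a throwaway CA, then checks a certificate it signed against a trust file that contains the issuing CA and against one that does not. All file names and subject names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every file name and subject name here is made up.

# make_ca PREFIX CN: self-signed CA written to PREFIX.key / PREFIX.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue_cert CA_PREFIX PREFIX CN: certificate for CN signed by that CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# verify_code TRUST_FILE CERT: prints 0 on success, otherwise the first
# X509 verify error number reported by `openssl verify`
verify_code() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) && rc=0 || rc=$?
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif [ "$rc" -eq 0 ]; then echo 0
    else echo unknown
    fi
}

# demo: the same server certificate checked with and without its issuing CA
# in the trust file (the second case is what a verifier with no CAFile sees)
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca" demo-logstash-ca &&
        make_ca "$d/other" demo-unrelated-ca &&
        issue_cert "$d/ca" "$d/server" localhost || { rm -rf "$d"; return 1; }
    with_ca=$(verify_code "$d/ca.crt" "$d/server.crt")
    without_ca=$(verify_code "$d/other.crt" "$d/server.crt")
    rm -rf "$d"
    echo "with_ca=$with_ca without_ca=$without_ca"
}

demo
```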