2 responses

Hello,

I am setting up an SSL connection between rsyslog on a Linux box and an nxlog endpoint. While win boxes connect like a charm, Linux boxes issue the following:

2018-10-12 11:51:26 ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found

I then found this post on your forum, https://nxlog.co/question/1926/nxlog-ce-v291716-certificate-built-ecdsa-key, where they talk about rebuilding the certificate without the Digital Signature KeyUsage flag.

I assumed I should rebuild client.csr, since my rootCA.crt does not report any Digital Signature:

X509v3 extensions:
    X509v3 Subject Key Identifier:
        AB:E6:E4:61:11:89:43:21:87:FB:91:08:44:C0:15:A7:41:3B:A3:53
    X509v3 Authority Key Identifier:
        keyid:AB:E6:E4:61:11:89:43:21:87:FB:91:08:44:C0:15:A7:41:3B:A3:53
        DirName:/C=US/ST=Some-State/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (e.g. server FQDN or YOUR name)/emailAddress=Email Address
        serial:AF:06:5F:4B:97:ED:81:90

    X509v3 Basic Constraints:
        CA:TRUE
    X509v3 Key Usage:
        Certificate Sign, CRL Sign

I built a new client.csr without any trace of X509v3 extensions, but I always get the same error message.

Any help is well appreciated. Thanks

Asked October 12, 2018 - 12:09pm

Answer (1)

I don't think the CA is responsible. You'll need to figure out why the client closes the connection. Wireshark can also be quite useful to debug the TLS handshake. Also see the OpenSSL Certificate Creation section in the user guide.

Comments (1)

  • comoalt

    Hello b0ti,

    I checked out the guide, but the openssl commands are the same ones I used. About Wireshark, what exactly do I need to look for? It is clear handshake phase but is there something to focus on?

    Thank you
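
The certificate-side checks this thread revolves around, as an added example that is not part of the original posts or of the nxlog user guide: it builds a throwaway CA and one client CSR signed with and without extensions, then reports each certificate's Key Usage, whether it chains to the CA, and whether the key matches. All subjects and file names are constructed, and `key_usage`, `verify_chain` and `key_matches` are hypothetical helper names.

```shell
# Constructed test PKI: every subject and file name here is made up for the demo.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
cat > "$work/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Test CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign,cRLSign
[client_ext]
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF

# Root CA with the same Key Usage the question shows (Certificate Sign, CRL Sign).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/pki.cnf" \
  -extensions ca_ext -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null

# One client key and CSR, signed twice: without extensions and with client_ext.
openssl req -new -newkey rsa:2048 -nodes -config "$work/pki.cnf" \
  -subj "/CN=constructed-client" -keyout "$work/client.key" \
  -out "$work/client.csr" 2>/dev/null
openssl x509 -req -in "$work/client.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
  -CAcreateserial -days 1 -out "$work/client_plain.crt" >/dev/null 2>&1
openssl x509 -req -in "$work/client.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
  -CAcreateserial -days 1 -extfile "$work/pki.cnf" -extensions client_ext \
  -out "$work/client_ku.crt" >/dev/null 2>&1

# Print the Key Usage values of a certificate, or "none" if the extension is absent.
key_usage() {
  ku=$(openssl x509 -in "$1" -noout -text |
       grep -A1 'X509v3 Key Usage' | sed -n '2{s/^ *//;s/ *$//;p;}')
  echo "${ku:-none}"
}

# Succeed only if the certificate ($2) chains to the CA file ($1).
verify_chain() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# Succeed only if the private key ($1) matches the certificate ($2).
key_matches() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

for c in ca client_plain client_ku; do
  verify_chain "$work/ca.crt" "$work/$c.crt" && chain=ok || chain=FAILED
  echo "$c: key usage = $(key_usage "$work/$c.crt"); chain = $chain"
done
```

Running the three helpers against the real rootCA.crt, client certificate and client key shows which extensions the signed certificate actually carries, independent of what the CSR contained.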