3
responses

I am currently running into an issue receiving syslog over ssl/tls. I cannot figure it out for the life of me!

Version:
CE-2.10.2150

Error:
INFO SSL connection accepted from IP_ADDRESS:PORT
ERROR SSL certificate verification failed: unsupported certificate purpose (err: 26)
WARNING SSL connection closed from IP_ADDRESS:PORT

Config:
<Input in>
Module im_ssl
Host 0.0.0.0
Port 516
AllowUntrusted TRUE
CAFile %CERTDIR%\%CA-PEM%
CertFile %CERTDIR%\%CRT%
CertKeyFile %CERTDIR%\%KEY%
KeyPass %PASSWORD%
</Input>

AskedJanuary 31, 2020 - 5:27pm

Answer (1)

ERROR SSL certificate verification failed: unsupported certificate purpose (err: 26)

You can dump the certificate with openssl x509 -text and check what it shows for the purpose. It probably wasn't issued properly.

Comments (2)

  • jstock's picture

    The NXLog Server's certificate has the Server and Client Authentication purposes.

    This certificate is intended for the following purpose(s):
    - Ensures the identity of a remote computer
    - Proves your identity to a remote computer