Hi,

I've never used relp, with or without tls, but this is what I've used to
create certificates to secure our DB connections.

Let me know if this works for you with rsyslog.

Regards,
Flo

On Wed, Dec 5, 2018 at 4:32 PM [EMAIL PROTECTED] <
[EMAIL PROTECTED]> wrote:

Be very careful with that one, it must have a password and must never be transmitted.

2. now create the (self-signed) CA certificate itself:

3. Create server certificate

4. Create client certificate

$ openssl genrsa -des3 -out company-ca.key 2048

$ openssl req -new -x509 -days 3650 -subj '/C=CH/ST=SO/L=SO/O=IT/CN=Company' -key company-
ca.key -out company-ca.crt

$ openssl genrsa -des3 -out server.key 2048

$ openssl rsa -in server.key -out server.key

$ openssl req -new -nodes -key server.key -days 3650 -out /tmp/server.csr -subj '/C=CH/ST=SO/L=SO/
O=IT/CN=server.domain.net'

$ openssl x509 -days 3650 -req -in /tmp/server.csr -CA company-ca.crt -CAkey company-ca.key -
CAcreateserial -out server.crt

$ openssl genrsa -des3 -out client.key 2048

$ openssl rsa -in client.key -out client.key

$ openssl req -new -nodes -key client.key -days 3650 -out /tmp/client.csr -subj '/C=CH/ST=SO/L=SO/
O=IT/CN=*.domain.net'

$ openssl x509 -days 3650 -req -in /tmp/client.csr -CA company-ca.crt -CAkey company-ca.key -
CAcreateserial -out client.crt _______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.