Mailing List Archive

Multiple TLS Certs and Ports
Hi,

Am I right in saying that multiple different TLS certs across multiple ports is unsupported?

So, I cannot declare various configs with different CAs etc.:

paidca.conf:

```
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/paidca.crt"
DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/paidssl.crt"
DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/paidssl.key"
```

myca.conf:

```
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/myca.crt"
DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/myssl.crt"
DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/myssl.key"
```

It’s either TCP only for the entire rsyslog instance or TLS TCP for the entire instance with one set of certs?

Thank you.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Multiple TLS Certs and Ports
You do this at the input() level.

Rainer

Sent from phone, thus brief.

Robert Gabriel via rsyslog <rsyslog@lists.adiscon.com> wrote on Wed, 23 Nov 2022, 18:55:

> Hi,
>
> Am I right in saying that multiple different TLS certs across multiple
> ports is unsupported?
>
> So, I cannot declare various configs with different CAs etc.:
>
> paidca.conf:
>
> ```
> DefaultNetstreamDriver="gtls"
> DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/paidca.crt"
> DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/paidssl.crt"
> DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/paidssl.key"
> ```
>
> myca.conf:
>
> ```
> DefaultNetstreamDriver="gtls"
> DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/myca.crt"
> DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/myssl.crt"
> DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/myssl.key"
> ```
>
> It’s either TCP only for the entire rsyslog instance or TLS TCP for the
> entire instance with one set of certs?
>
> Thank you.
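What configuring this "at the input() level" can look like, as an added example that is not part of the original thread: each imtcp `input()` carries its own stream driver settings, so every port gets its own CA, certificate and key. The certificate paths are the ones from the question; the ports, listener and ruleset names, output files, auth modes and the `*.example.com` peer pattern are assumptions, and the per-input `streamDriver.CAFile`/`CertFile`/`KeyFile` parameters need an rsyslog release that has them (documented as added in 8.2108.0).

```conf
# Added example, not from the thread. Ports, names, auth modes, the peer
# pattern and output files are assumptions; cert paths are from the question.

# No instance-wide TLS settings here: each input() below sets its own.
module(load="imtcp")

# Port 6514: TLS with the certificate issued by the paid CA.
# x509/name plus permittedPeer restricts senders to named peers; with a
# public CA, x509/certvalid alone would accept any certificate that CA issued.
input(type="imtcp" port="6514" name="tls-paidca" ruleset="from_paidca"
      streamDriver.name="gtls"
      streamDriver.mode="1"
      streamDriver.authMode="x509/name"
      permittedPeer=["*.example.com"]
      streamDriver.CAFile="/etc/pki/tls/certs/paidca.crt"
      streamDriver.CertFile="/etc/pki/tls/certs/paidssl.crt"
      streamDriver.KeyFile="/etc/pki/tls/private/paidssl.key")

# Port 6515: TLS with the certificate issued by the internal CA.
# Only clients holding a certificate signed by myca.crt are accepted.
input(type="imtcp" port="6515" name="tls-myca" ruleset="from_myca"
      streamDriver.name="gtls"
      streamDriver.mode="1"
      streamDriver.authMode="x509/certvalid"
      streamDriver.CAFile="/etc/pki/tls/certs/myca.crt"
      streamDriver.CertFile="/etc/pki/tls/certs/myssl.crt"
      streamDriver.KeyFile="/etc/pki/tls/private/myssl.key")

# Port 514: plain TCP on the same instance (mode 0 = no TLS).
input(type="imtcp" port="514" name="plain-tcp" ruleset="from_plain"
      streamDriver.mode="0")

# Separate rulesets keep the three trust domains apart downstream.
ruleset(name="from_paidca") {
    action(type="omfile" file="/var/log/remote/paidca.log")
}
ruleset(name="from_myca") {
    action(type="omfile" file="/var/log/remote/myca.log")
}
ruleset(name="from_plain") {
    action(type="omfile" file="/var/log/remote/plain.log")
}
```

Running `rsyslogd -N1` checks the configuration syntax before a restart; an older rsyslog will reject the per-input certificate parameters as unknown.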
Re: Multiple TLS Certs and Ports
Hi,

I have this working!

Thank you so much Rainer, much appreciated.

> On 23 Nov 2022, at 20:38, Rainer Gerhards via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> You do this at the input() level.
>
> Rainer
>
> Sent from phone, thus brief.
>
> Robert Gabriel via rsyslog <rsyslog@lists.adiscon.com> wrote on Wed, 23 Nov 2022, 18:55:
>
>> Hi,
>>
>> Am I right in saying that multiple different TLS certs across multiple
>> ports is unsupported?
>>
>> So, I cannot declare various configs with different CAs etc.:
>>
>> paidca.conf:
>>
>> ```
>> DefaultNetstreamDriver="gtls"
>> DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/paidca.crt"
>> DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/paidssl.crt"
>> DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/paidssl.key"
>> ```
>>
>> myca.conf:
>>
>> ```
>> DefaultNetstreamDriver="gtls"
>> DefaultNetstreamDriverCAFile="/etc/pki/tls/certs/myca.crt"
>> DefaultNetstreamDriverCertFile="/etc/pki/tls/certs/myssl.crt"
>> DefaultNetstreamDriverKeyFile="/etc/pki/tls/private/myssl.key"
>> ```
>>
>> It’s either TCP only for the entire rsyslog instance or TLS TCP for the
>> entire instance with one set of certs?
>>
>> Thank you.