[rsyslog-notify] Forum Thread: rsyslog (solaris) + TLS - (Mode 'post')

[noreply at adiscon.com]

User: micsnare 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25649#p25649

Message: 
----------
hi all,

currently i'm having troubles getting rsyslog and TLS on solaris 11.2 to
work. I've configured my Solaris host to log to a remote loghost, but I
don't know what I'm doing wrong here, as the same setup seems to work well
on Linux.
On Solaris I'm getting this error:
[quote:37r06kuv]rsyslogd-2088: error: peer name not authorized -  not
permitted to talk
to it. Names: CN: #0c13677275656e626572672e65622e6c616e2e6174;  [try=20
<!-- m --><a class="postlink"
href="http://www.rsyslog.com/e/2088">http://www.rsyslog.com/e/2088</a><!--
m --> ][/quote:37r06kuv]

Of course I've checked the link that was appended in the error message, but
to be honest it didn't really help me.

Now a little bit about my setup/config:
I'm using Rsyslog Version 6.2.0

and I've added a certificate (pem file) in /etc/certs/
I've also added an auth.conf in /etc/rsyslog.d/ which i've included in the
rsyslog.conf as well. The auth.conf loads the pem file in /etc/certs
$DefaultNetstreamDriverCAFile /etc/certs/rootca.pem

I've NO problems viewing the certificate with openssl, so I can probably
rule out a problem with the certificate.
As mentioned before, the same config and certificate work on Linux.

Any ideas what I'm missing here?
Maybe the certifcate needs to be properly imported on Solaris and not just
copied to /etc/certs ?!

Other than that I wouldn't know how to interpret this error message "error:
peer name not authorized - not permitted to talk to it."

cheers,
theresa