Reply

syslog secure tcp issue

New Member
Posts: 1
810     0

Hi all,

 

I updated infoblox from version 8.4.8 to version 9.0.3.

 

Since then, I don't have anymore encrypted syslog flows (Secure TCP). This error is present because my CA root certificate is not compliant to RFC 5280. I specify that I cannot resign the  CA root certificate at the moment.

At version 8.4.8, infoblox was accepting the non-compliance of the CA root certificate. At version 9.0.3, infoblox seems to refuse our non-compliant CA root certifcate.

 

Do you know the possibility of bypassing this verification for syslog-ng process ?

 

Have a good day.

Re: syslog secure tcp issue

New Member
Posts: 1
810     0

Hello,

 

Romain upgraded Infoblox from version 8.4.8 to 9.0.3. Since the upgrade, secure syslog traffic using Secure TCP is no longer working. The reason seems to be a non-compliant CA root certificate used for encryption. Re-signing the CA root certificate is not currently an option.

If possible, consider prioritizing this solution. Upgrading the CA root certificate to comply with RFC 5280 is the most secure approach. This ensures a strong foundation for encrypted communication.

Downgrading software is generally not recommended due to potential security vulnerabilities and bug fixes not present in older versions.

Infoblox documentation or forums might have information about alternative configuration options related to certificate verification for syslog-ng.

Using a non-compliant CA root certificate can compromise the security of your encrypted syslog traffic.

 

Upgrading the CA root certificate to comply with RFC 5280 is the most secure and recommended approach. If that's not possible immediately, consider the temporary solution of downgrading Infoblox with the understanding of the associated security risks. Avoid bypassing certificate verification unless absolutely necessary and only after thoroughly understanding the implications.

Re: syslog secure tcp issue

New Member
Posts: 1
810     0

Hello

A am thoroughly understanding the implications of bypassing certificate verification.

I my situation it will be a short but necessary less secure periode. 

Can you handout the hidden command to disable the validation of RFC 5280?

Thank you!

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You