Hello,

Romain upgraded Infoblox from version 8.4.8 to 9.0.3. Since the upgrade, secure syslog traffic using Secure TCP is no longer working. The reason seems to be a non-compliant CA root certificate used for encryption. Re-signing the CA root certificate is not currently an option.

If possible, consider prioritizing this solution. Upgrading the CA root certificate to comply with RFC 5280 is the most secure approach. This ensures a strong foundation for encrypted communication.

Downgrading software is generally not recommended due to potential security vulnerabilities and bug fixes not present in older versions.

Infoblox documentation or forums might have information about alternative configuration options related to certificate verification for syslog-ng.

Using a non-compliant CA root certificate can compromise the security of your encrypted syslog traffic.

Upgrading the CA root certificate to comply with RFC 5280 is the most secure and recommended approach. If that's not possible immediately, consider the temporary solution of downgrading Infoblox with the understanding of the associated security risks. Avoid bypassing certificate verification unless absolutely necessary and only after thoroughly understanding the implications.